fastlane-plugin-dependency_check_ios_analyzer 0.1.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 660f1ed90d6f3f6f65d75491077ff0163590226fc0cf71dc00604af2565ac317
-  data.tar.gz: 8a02db2fb5c3d921e60b9fd4dbdb8aa879f923baa7ef22127c4853b36fade699
+  metadata.gz: 7558dd5b5b9ea0f549e3db5b52b55b7e92f2a09f416c0c8d887af72fbf8ca957
+  data.tar.gz: 3dc1036d2ac5c6aaeb6190e4b2d9f15fd747ff3e716e21248aba0228e30d3ff4
 SHA512:
-  metadata.gz: 9d2afdd951f732aa69b4f39c9d7b4b7e4921912ae877e9828d8ec8351fb74713c4cefcd4a4cec0aa8be9ba6b2f1c91001aac4dd86e8816cbf3bb5477c5cd260b
-  data.tar.gz: 10ea8e5bfb61ad113dd578f8b1eb33f511469db0e69a4cc17aa4fc5785cda3c2a7fa851b09394aaf14d899cf2dbfa7565ec6399b4a9383d9182390bca49a55e0
+  metadata.gz: af7f6ea2260834ae295d95263fae7735daafd909592fc78d561f1cf79f544d7e1f700bec73d781a9d1285f1abc16c123554a5d5824e3ee9a4aa68c54b5e3c9b7
+  data.tar.gz: 1000a9c5781c6a19d25f0c1d86f82d0cd9f2b7464d1c7813cbc3d78e9b588686abcb4ccebfb29e01cc55b006a48d47e91db1cbb86d4baa552bcd882dca916a8a

data/README.md

@@ -4,27 +4,27 @@
 
 ## About dependency_check_ios_analyzer
 
-Fastlane wrapper around the [OWASP dependency-check](https://jeremylong.github.io/DependencyCheck) [Swift Package Manager](https://jeremylong.github.io/DependencyCheck/analyzers/swift.html) and [Cocoapods](https://jeremylong.github.io/DependencyCheck/analyzers/cocoapods.html) analyzers 🚀
+Fastlane wrapper around the [OWASP dependency-check](https://jeremylong.github.io/DependencyCheck) iOS analyzers ([Swift Package Manager](https://jeremylong.github.io/DependencyCheck/analyzers/swift.html) and [CocoaPods](https://jeremylong.github.io/DependencyCheck/analyzers/cocoapods.html)).
 
 This analyzer is considered experimental. While it may be useful and provide valid results more testing must be completed to ensure that the false negative/false positive rates are acceptable.
 
 ## Parameters
 
-| *Key* | *Description* | *Default* |
-| ------|-------------- | --------- |
-| `skip_spm_analysis` | Skip analysis of SPM dependencies | `false` |
-| `skip_pods_analysis` | Skip analysis of Cocoapods dependencies | `false` |
-| `spm_checkouts_path` | Path to Swift Packages, if they are resolved | |
-| `pod_file_lock_path` | Path to the `Podfile.lock` file | |
-| `project_name` | The project's name | DependencyCheck |
-| `output_directory` | The directory in which all reports will be stored | dependency-check |
+| **Key** | **Description** | **Default** |
+| ------- |---------------- | ----------- |
+| `skip_spm_analysis` | Skip analysis of `SPM` dependencies | `false` |
+| `skip_pods_analysis` | Skip analysis of `CocoaPods` dependencies | `false` |
+| `spm_checkouts_path` | Path to Swift Packages, if resolved | |
+| `pod_file_lock_path` | Path to the `Podfile.lock` file, if exists | |
+| `project_path` | Path to the directory that contains an Xcode project, workspace or package. Defaults to the `root` | |
+| `project_name` | The project's name | `DependencyCheck` |
+| `output_directory` | The directory in which all reports will be stored | `dependency-check` |
 | `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
-| `cli_version` | Specify the required version of DependencyCheck analyzer. *Not recommended* | |
-| `rsa_key` | Specify the RSA_KEY of DependencyCheck analyzer download. *Not recommended* | |
+| `cli_version` | Overwrite the version of `DependencyCheck` analyzer | `6.2.2` |
 | `verbose` | The file path to write verbose logging information | |
-| `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | |
-| `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | |
-| `keep_binary_on_exit` | Keep `DependencyCheck` binary and data on exit | |
+| `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | `11` |
+| `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | `0` |
+| `keep_binary_on_exit` | Keep `DependencyCheck` binary and data on exit | `true` |
 
 ## Requirements
 
@@ -42,8 +42,13 @@ $ fastlane add_plugin dependency_check_ios_analyzer
 ## Usage
 
 ```ruby
-vulnerabilities_count = dependency_check_ios_analyzer(
-  output_types: 'HTML, JUNIT',
+dependency_check_ios_analyzer(
+  project_name: 'SampleProject',
+  output_types: 'html, junit',
   fail_on_cvss: 7
 )
 ```
+
+## How to read the reports
+
+* [Docs](https://jeremylong.github.io/DependencyCheck/general/thereport.html)

data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb

@@ -1,25 +1,25 @@
 require 'fastlane_core/ui/ui'
 require 'fastlane/action'
+require_relative '../helper/configuration_helper'
 require_relative '../helper/analyzer_helper'
-require_relative '../helper/pods_helper'
-require_relative '../helper/spm_helper'
 
 module Fastlane
   module Actions
     class DependencyCheckIosAnalyzerAction < Action
       def self.run(params)
-        params[:output_types] = Helper::AnalyzerHelper.parse_output_types(params[:output_types])
-        bin_path = Helper::AnalyzerHelper.install(params)
-        @success = Helper::SpmHelper.analize(bin_path: bin_path, params: params)
-        @vulnerabilities = Helper::AnalyzerHelper.parse_report("#{params[:output_directory]}/SPM/*.sarif")
-        on_exit(params)
+        params[:output_types] = Helper::ConfigurationHelper.parse_output_types(params[:output_types])
+        bin_path = Helper::ConfigurationHelper.install(params)
+
+        spm_analysis = Helper::AnalyzerHelper.analize_packages(bin_path: bin_path, params: params)
+        pods_analysis = Helper::AnalyzerHelper.analize_pods(bin_path: bin_path, params: params)
+
+        on_exit(params: params, result: (spm_analysis && pods_analysis))
       end
 
-      def self.on_exit(params)
-        Helper::AnalyzerHelper.clean_up(params)
-        say_goodbye = "🦠 There are #{@vulnerabilities} potential vulnerabilities. " \
-                      'Check out the report for further investigation.'
-        @success ? UI.important(say_goodbye) : UI.crash!(say_goodbye)
+      def self.on_exit(params:, result:)
+        Helper::ConfigurationHelper.clean_up(params)
+        say_goodbye = '✨ Check out the report for further investigation.'
+        result ? UI.important(say_goodbye) : UI.user_error!(say_goodbye)
       end
 
       #####################################################
@@ -27,7 +27,7 @@ module Fastlane
       #####################################################
 
       def self.description
-        'Fastlane wrapper around the OWASP dependency-check Swift Package Manager and Cocoapods analyzers.'
+        'Fastlane wrapper around the OWASP dependency-check iOS analyzers (Swift Package Manager and CocoaPods).'
       end
 
       def self.authors
@@ -36,19 +36,14 @@ module Fastlane
 
       def self.example_code
         [
-          vulnerabilities_count = dependency_check_ios_analyzer(
-            project_name: 'MyProject',
-            skip_pods_analysis: true,
-            output_types: 'HTML, JUNIT',
-            fail_on_cvss: 7
+          dependency_check_ios_analyzer(
+            project_name: 'SampleProject',
+            output_types: 'html, junit',
+            fail_on_cvss: 3
           )
         ]
       end
 
-      def self.return_value
-        @vulnerabilities
-      end
-
       def self.available_options
         [
           FastlaneCore::ConfigItem.new(
@@ -61,7 +56,7 @@ module Fastlane
           ),
           FastlaneCore::ConfigItem.new(
             key: :skip_pods_analysis,
-            description: 'Skip analysis of Cocoapods dependencies',
+            description: 'Skip analysis of CocoaPods dependencies',
             optional: true,
             default_value: false,
             is_string: false,
@@ -69,14 +64,21 @@ module Fastlane
           ),
           FastlaneCore::ConfigItem.new(
             key: :spm_checkouts_path,
-            description: 'Path to Swift Packages, if they are resolved',
+            description: 'Path to Swift Packages, if resolved',
             optional: true,
             is_string: true,
             type: String
           ),
           FastlaneCore::ConfigItem.new(
             key: :pod_file_lock_path,
-            description: 'Path to the Podfile.lock file',
+            description: 'Path to the Podfile.lock file, if exists',
+            optional: true,
+            is_string: true,
+            type: String
+          ),
+          FastlaneCore::ConfigItem.new(
+            key: :project_path,
+            description: 'Path to the directory that contains an Xcode project, workspace or package. Defaults to root',
             optional: true,
             is_string: true,
             type: String
@@ -101,20 +103,13 @@ module Fastlane
             key: :output_types,
             description: 'Comma separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all)',
             optional: true,
-            default_value: 'SARIF',
+            default_value: 'sarif',
             is_string: true,
             type: String
           ),
           FastlaneCore::ConfigItem.new(
             key: :cli_version,
-            description: 'Specify the required version of DependencyCheck analyzer. Not recommended',
-            optional: true,
-            is_string: true,
-            type: String
-          ),
-          FastlaneCore::ConfigItem.new(
-            key: :rsa_key,
-            description: 'Specify the RSA_KEY of DependencyCheck analyzer download. Not recommended',
+            description: 'Overwrite the version of DependencyCheck analyzer. Not recommended',
             optional: true,
             is_string: true,
             type: String

data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/analyzer_helper.rb

@@ -1,90 +1,111 @@
-require 'json'
-require 'curb'
-require 'zip'
-
 module Fastlane
   UI = FastlaneCore::UI unless Fastlane.const_defined?("UI")
 
   module Helper
     class AnalyzerHelper
-      def self.install(params)
-        repo = 'https://github.com/jeremylong/DependencyCheck'
-        name = 'dependency-check'
-        version = params[:cli_version] ? params[:cli_version] : '6.1.6'
-        rsa_key = params[:rsa_key] ? params[:rsa_key] : 'F9514E84AE3708288374BBBE097586CFEA37F9A6'
-        base_url = "#{repo}/releases/download/v#{version}/#{name}-#{version}-release"
-        bin_path = "#{params[:output_directory]}/#{name}/bin/#{name}.sh"
-        zip_path = "#{params[:output_directory]}/#{name}.zip"
-        asc_path = "#{zip_path}.asc"
-
-        unless File.exist?(bin_path)
-          FileUtils.mkdir_p(params[:output_directory])
-
-          unless File.exist?(zip_path)
-            zip_url = "#{base_url}.zip"
-            UI.message("🚀 Downloading DependencyCheck: #{zip_url}")
-            curl = Curl.get(zip_url) { |curl| curl.follow_location = true }
-            File.open(zip_path, 'w+') { |f| f.write(curl.body_str) }
-          end
-
-          asc_url = "#{base_url}.zip.asc"
-          UI.message("🚀 Downloading associated GPG signature file: #{asc_url}")
-          curl = Curl.get(asc_url) { |curl| curl.follow_location = true }
-          File.open(asc_path, 'w+') { |f| f.write(curl.body_str) }
-
-          verify_cryptographic_integrity(asc_path: asc_path, rsa_key: rsa_key)
-
-          unzip(file: zip_path, params: params)
-
-          FileUtils.rm_rf(zip_path)
-          FileUtils.rm_rf(asc_path)
-        end
+      def self.analize_packages(bin_path:, params:)
+        return true if params[:skip_spm_analysis]
+
+        path_to_report = "#{params[:output_directory]}/SwiftPackages"
+        clean_reports_folder(path_to_report)
+        params[:spm_checkouts_path] = resolve_package_dependencies(params)
+
+        check_dependencies(
+          params: params,
+          bin_path: bin_path,
+          path_to_report: path_to_report,
+          destination: params[:spm_checkouts_path]
+        )
+      end
+
+      def self.analize_pods(bin_path:, params:)
+        return true if params[:skip_pods_analysis]
 
-        bin_path
+        path_to_report = "#{params[:output_directory]}/CocoaPods"
+        clean_reports_folder(path_to_report)
+        params[:pod_file_lock_path] = resolve_pods_dependencies(params)
+
+        check_dependencies(
+          params: params,
+          bin_path: bin_path,
+          path_to_report: path_to_report,
+          destination: params[:pod_file_lock_path]
+        )
       end
 
-      def self.parse_output_types(output_types)
-        list = output_types.delete(' ').split(',')
-        list << 'sarif' unless list.include?('sarif')
-        report_types = ''
-        list.each { |output_type| report_types += " --format #{output_type.upcase}" }
+      private
 
-        UI.message("🎥 Output types: #{list}")
-        report_types
+      def self.clean_reports_folder(path)
+        FileUtils.rm_rf(path)
+        FileUtils.mkdir_p(path)
       end
 
-      def self.parse_report(report)
-        if Dir[report].empty?
-          UI.crash!('Something went wrong. There is no report to analyze. Consider reporting a bug.')
+      def self.check_dependencies(params:, bin_path:, path_to_report:, destination:)
+        # Specify verbose output
+        verbose = params[:verbose] ? " --log #{params[:verbose]}" : ''
+
+        # Make the script executable
+        Actions.sh("chmod 775 #{bin_path}")
+
+        # Execute dependency-check
+        begin
+          Actions.sh(
+            "#{bin_path}" \
+              " --enableExperimental" \
+              " --disableBundleAudit" \
+              " --prettyPrint" \
+              " --project #{params[:project_name]}" \
+              " --out #{path_to_report}/report" \
+              " --failOnCVSS #{params[:fail_on_cvss]}" \
+              " --scan #{destination}" \
+              "#{params[:output_types]}" \
+              "#{verbose}"
+          )
+          true
+        rescue
+          false
         end
+      end
+
+      def self.parse_the_report(report)
+        UI.crash!('There is no report to analyze. Consider reporting a bug.') if Dir[report].empty?
 
         JSON.parse(File.read(Dir[report].first))['runs'][0]['results'].size
       end
 
-      def self.clean_up(params)
-        return if params[:keep_binary_on_exit]
+      def self.resolve_package_dependencies(params)
+        return params[:spm_checkouts_path] if params[:spm_checkouts_path]
 
-        FileUtils.rm_rf("#{params[:output_directory]}/dependency-check")
-      end
+        UI.user_error!("xcodebuild not installed") if `which xcodebuild`.length.zero?
 
-      private
+        checkouts_path = "#{params[:output_directory]}/SwiftPackages/checkouts"
+        checkouts_path = "#{Dir.pwd}/#{checkouts_path}" unless params[:output_directory].include?(Dir.pwd)
 
-      def self.unzip(file:, params:)
-        Zip::File.open(file) do |zip_file|
-          zip_file.each do |f|
-            fpath = File.join(params[:output_directory], f.name)
-            zip_file.extract(f, fpath) unless File.exist?(fpath)
-          end
+        if params[:project_path]
+          Actions.sh("cd #{params[:project_path]} && " \
+                     "set -o pipefail && " \
+                     "xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
+        else
+          Actions.sh("set -o pipefail && " \
+                     "xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
         end
+
+        UI.message("🎉 SPM checkouts path: #{checkouts_path}")
+        checkouts_path
       end
 
-      # https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
-      def self.verify_cryptographic_integrity(asc_path:, rsa_key:)
-        UI.message("🕵️  Verifying the cryptographic integrity")
-        # Import the GPG key used to sign all DependencyCheck releases
-        Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{rsa_key}")
-        # Verify the cryptographic integrity
-        Actions.sh("gpg --verify #{asc_path}")
+      def self.resolve_pods_dependencies(params)
+        return params[:pod_file_lock_path] if params[:pod_file_lock_path]
+
+        UI.user_error!("pod not installed") if `which pod`.length.zero?
+
+        if params[:project_path]
+          Actions.sh("cd #{params[:project_path]} && set -o pipefail && pod install")
+        else
+          Actions.sh("set -o pipefail && pod install")
+        end
+
+        params[:project_path] ? "#{params[:project_path]}/Podfile.lock" : 'Podfile.lock'
       end
     end
   end

data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/configuration_helper.rb

@@ -0,0 +1,64 @@
+require 'json'
+require 'curb'
+require 'zip'
+
+module Fastlane
+  UI = FastlaneCore::UI unless Fastlane.const_defined?("UI")
+
+  module Helper
+    class ConfigurationHelper
+      def self.install(params)
+        repo = 'https://github.com/jeremylong/DependencyCheck'
+        name = 'dependency-check'
+        version = params[:cli_version] ? params[:cli_version] : '6.2.2'
+        base_url = "#{repo}/releases/download/v#{version}/#{name}-#{version}-release"
+        bin_path = "#{params[:output_directory]}/#{name}/bin/#{name}.sh"
+        zip_path = "#{params[:output_directory]}/#{name}.zip"
+
+        unless File.exist?(bin_path)
+          FileUtils.mkdir_p(params[:output_directory])
+
+          unless File.exist?(zip_path)
+            zip_url = "#{base_url}.zip"
+            UI.message("🚀 Downloading DependencyCheck: #{zip_url}")
+            curl = Curl.get(zip_url) { |curl| curl.follow_location = true }
+            File.open(zip_path, 'w+') { |f| f.write(curl.body_str) }
+          end
+
+          unzip(file: zip_path, params: params)
+
+          FileUtils.rm_rf(zip_path)
+        end
+
+        bin_path
+      end
+
+      def self.parse_output_types(output_types)
+        list = output_types.delete(' ').split(',')
+        list << 'sarif' unless output_types =~ (/(sarif|all)/)
+        report_types = ''
+        list.each { |output_type| report_types += " --format #{output_type.upcase}" }
+
+        UI.message("🎥 Output types: #{list}")
+        report_types
+      end
+
+      def self.clean_up(params)
+        return if params[:keep_binary_on_exit]
+
+        FileUtils.rm_rf("#{params[:output_directory]}/dependency-check")
+      end
+
+      private
+
+      def self.unzip(file:, params:)
+        Zip::File.open(file) do |zip_file|
+          zip_file.each do |f|
+            fpath = File.join(params[:output_directory], f.name)
+            zip_file.extract(f, fpath) unless File.exist?(fpath)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb

@@ -1,5 +1,5 @@
 module Fastlane
   module DependencyCheckIosAnalyzer
-    VERSION = '0.1.0'
+    VERSION = '1.1.1'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fastlane-plugin-dependency_check_ios_analyzer
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Alexey Alter-Pesotskiy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-05-01 00:00:00.000000000 Z
+date: 2021-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: curb
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: cocoapods
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +122,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: fasterer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.8.3
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -175,8 +203,7 @@ files:
 - lib/fastlane/plugin/dependency_check_ios_analyzer.rb
 - lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb
 - lib/fastlane/plugin/dependency_check_ios_analyzer/helper/analyzer_helper.rb
-- lib/fastlane/plugin/dependency_check_ios_analyzer/helper/pods_helper.rb
-- lib/fastlane/plugin/dependency_check_ios_analyzer/helper/spm_helper.rb
+- lib/fastlane/plugin/dependency_check_ios_analyzer/helper/configuration_helper.rb
 - lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb
 homepage: https://github.com/alteral/fastlane-plugin-dependency_check_ios_analyzer
 licenses:
@@ -200,6 +227,6 @@ requirements: []
 rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
-summary: Fastlane wrapper around the OWASP dependency-check Swift Package Manager
-  and Cocoapods analyzers.
+summary: Fastlane wrapper around the OWASP dependency-check iOS analyzers (Swift Package
+  Manager and CocoaPods).
 test_files: []

data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/pods_helper.rb

@@ -1,27 +0,0 @@
-module Fastlane
-  UI = FastlaneCore::UI unless Fastlane.const_defined?("UI")
-
-  module Helper
-    class PodsHelper
-      def self.analize(params)
-        if params[:skip_pods_analysis]
-          UI.important("⚡ Cocoapods dependencies will NOT be analyzed.")
-          return 0
-        end
-
-        0 # FIXME: https://github.com/alteral/fastlane-plugin-dependency_check_ios_analyzer/issues/3
-      end
-
-      private
-
-      def self.verify(params)
-        report = "#{params[:output_directory]}/Cocoapods/*.sarif"
-        if Dir[report].empty?
-          UI.crash!('Something went wrong. There is no report to analyze. Consider reporting a bug.')
-        end
-
-        JSON.parse(File.read(Dir[report].first))
-      end
-    end
-  end
-end

data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/spm_helper.rb

@@ -1,58 +0,0 @@
-module Fastlane
-  UI = FastlaneCore::UI unless Fastlane.const_defined?("UI")
-
-  module Helper
-    class SpmHelper
-      def self.analize(bin_path:, params:)
-        if params[:skip_spm_analysis]
-          UI.important("⚡ SPM dependencies will NOT be analyzed.")
-          return 0
-        end
-
-        # Verify xcodebuild
-        UI.user_error!("xcodebuild not installed") if `which xcodebuild`.length.zero?
-
-        # Specify verbose output
-        verbose = params[:verbose] ? " --log #{params[:verbose]}" : ''
-
-        # Resolve package ddependencies
-        checkouts_path = resolve_package_dependencies(params)
-
-        # Make the script executable
-        Actions.sh("chmod 775 #{bin_path}")
-
-        # Execute DependencyCheck
-        begin
-          Actions.sh(
-            "#{bin_path}" \
-              " --enableExperimental" \
-              " --disableBundleAudit" \
-              " --prettyPrint" \
-              " --project #{params[:project_name]}" \
-              " --out #{params[:output_directory]}/SPM" \
-              " --failOnCVSS #{params[:fail_on_cvss]}" \
-              " --scan #{checkouts_path}" \
-              "#{params[:output_types]}" \
-              "#{verbose}"
-          )
-        rescue
-          return false
-        end
-
-        true
-      end
-
-      private
-
-      def self.resolve_package_dependencies(params)
-        return params[:spm_checkouts_path] if params[:spm_checkouts_path]
-
-        checkouts_path = "#{params[:output_directory]}/SPM/SourcePackages"
-        Actions.sh("set -o pipefail && xcodebuild -resolvePackageDependencies -clonedSourcePackagesDirPath #{checkouts_path}")
-
-        UI.message("🎉 SPM checkouts path: #{checkouts_path}")
-        checkouts_path
-      end
-    end
-  end
-end