fastlane-plugin-dependency_check_ios_analyzer 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/analyzer_helper.rb +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0c616a1b00b47f1a1617d2d76d68ed0ec3c852dd7ad98063b7642701938fe1c2
|
|
4
|
+
data.tar.gz: dfedd536f98aa734ee7b77e23c728c7159667853a061fcf22f314c2a00f8ef6d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e8d13d7abadb6013b7e94d369f7c53e989b362dabe36af1992da3939cbd71b21ddec902e8582de9b72bf4eaeb892fa537d55fce3e130187786dc96a8f2481be6
|
|
7
|
+
data.tar.gz: 8310cd0d2fba159280ebf3c52eef846ec99c1b0d2d3ab5c59c4547194478377a269d92f9e0dc99831c4c1ad9466c62581ca5ae0381baf915aed1521dc221bc3d
|
data/README.md
CHANGED
|
@@ -11,17 +11,17 @@ This analyzer is considered experimental. While it may be useful and provide val
|
|
|
11
11
|
## Parameters
|
|
12
12
|
|
|
13
13
|
| **Key** | **Description** | **Default** |
|
|
14
|
-
|
|
|
14
|
+
| ------- |---------------- | ----------- |
|
|
15
15
|
| `skip_spm_analysis` | Skip analysis of `SPM` dependencies | `false` |
|
|
16
16
|
| `skip_pods_analysis` | Skip analysis of `CocoaPods` dependencies | `false` |
|
|
17
17
|
| `spm_checkouts_path` | Path to Swift Packages, if they are resolved | |
|
|
18
|
-
| `pod_file_lock_path` | Path to the `Podfile.lock` file. **Not implemented** | |
|
|
18
|
+
| `pod_file_lock_path` | Path to the `Podfile.lock` file. **Not implemented yet** | |
|
|
19
19
|
| `project_path` | Path to the directory that contains an Xcode project, workspace or package. Defaults to the `root` | |
|
|
20
20
|
| `project_name` | The project's name | `DependencyCheck` |
|
|
21
21
|
| `output_directory` | The directory in which all reports will be stored | dependency-check |
|
|
22
22
|
| `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
|
|
23
|
-
| `cli_version` |
|
|
24
|
-
| `
|
|
23
|
+
| `cli_version` | Overwrite the version of `DependencyCheck` analyzer | `6.1.6` |
|
|
24
|
+
| `gpg_key` | Overwrite the GPG key to verify the cryptographic integrity of the requested `cli_version` | |
|
|
25
25
|
| `verbose` | The file path to write verbose logging information | |
|
|
26
26
|
| `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | |
|
|
27
27
|
| `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | |
|
|
@@ -108,20 +108,20 @@ module Fastlane
|
|
|
108
108
|
key: :output_types,
|
|
109
109
|
description: 'Comma separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all)',
|
|
110
110
|
optional: true,
|
|
111
|
-
default_value: '
|
|
111
|
+
default_value: 'sarif',
|
|
112
112
|
is_string: true,
|
|
113
113
|
type: String
|
|
114
114
|
),
|
|
115
115
|
FastlaneCore::ConfigItem.new(
|
|
116
116
|
key: :cli_version,
|
|
117
|
-
description: '
|
|
117
|
+
description: 'Overwrite the version of DependencyCheck analyzer. Not recommended',
|
|
118
118
|
optional: true,
|
|
119
119
|
is_string: true,
|
|
120
120
|
type: String
|
|
121
121
|
),
|
|
122
122
|
FastlaneCore::ConfigItem.new(
|
|
123
|
-
key: :
|
|
124
|
-
description: '
|
|
123
|
+
key: :gpg_key,
|
|
124
|
+
description: 'Overwrite the GPG key to verify the cryptographic integrity of the requested cli_version',
|
|
125
125
|
optional: true,
|
|
126
126
|
is_string: true,
|
|
127
127
|
type: String
|
|
@@ -11,7 +11,7 @@ module Fastlane
|
|
|
11
11
|
repo = 'https://github.com/jeremylong/DependencyCheck'
|
|
12
12
|
name = 'dependency-check'
|
|
13
13
|
version = params[:cli_version] ? params[:cli_version] : '6.1.6'
|
|
14
|
-
|
|
14
|
+
gpg_key = params[:gpg_key] ? params[:gpg_key] : 'F9514E84AE3708288374BBBE097586CFEA37F9A6'
|
|
15
15
|
base_url = "#{repo}/releases/download/v#{version}/#{name}-#{version}-release"
|
|
16
16
|
bin_path = "#{params[:output_directory]}/#{name}/bin/#{name}.sh"
|
|
17
17
|
zip_path = "#{params[:output_directory]}/#{name}.zip"
|
|
@@ -32,7 +32,7 @@ module Fastlane
|
|
|
32
32
|
curl = Curl.get(asc_url) { |curl| curl.follow_location = true }
|
|
33
33
|
File.open(asc_path, 'w+') { |f| f.write(curl.body_str) }
|
|
34
34
|
|
|
35
|
-
verify_cryptographic_integrity(asc_path: asc_path,
|
|
35
|
+
verify_cryptographic_integrity(asc_path: asc_path, gpg_key: gpg_key)
|
|
36
36
|
|
|
37
37
|
unzip(file: zip_path, params: params)
|
|
38
38
|
|
|
@@ -79,10 +79,10 @@ module Fastlane
|
|
|
79
79
|
end
|
|
80
80
|
|
|
81
81
|
# https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
|
|
82
|
-
def self.verify_cryptographic_integrity(asc_path:,
|
|
82
|
+
def self.verify_cryptographic_integrity(asc_path:, gpg_key:)
|
|
83
83
|
UI.message("🕵️ Verifying the cryptographic integrity")
|
|
84
84
|
# Import the GPG key used to sign all DependencyCheck releases
|
|
85
|
-
Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{
|
|
85
|
+
Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{gpg_key}")
|
|
86
86
|
# Verify the cryptographic integrity
|
|
87
87
|
Actions.sh("gpg --verify #{asc_path}")
|
|
88
88
|
end
|