fastlane-plugin-dependency_check_ios_analyzer 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/actions/dependency_check_ios_analyzer_action.rb +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/helper/analyzer_helper.rb +4 -4
- data/lib/fastlane/plugin/dependency_check_ios_analyzer/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0c616a1b00b47f1a1617d2d76d68ed0ec3c852dd7ad98063b7642701938fe1c2
|
4
|
+
data.tar.gz: dfedd536f98aa734ee7b77e23c728c7159667853a061fcf22f314c2a00f8ef6d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e8d13d7abadb6013b7e94d369f7c53e989b362dabe36af1992da3939cbd71b21ddec902e8582de9b72bf4eaeb892fa537d55fce3e130187786dc96a8f2481be6
|
7
|
+
data.tar.gz: 8310cd0d2fba159280ebf3c52eef846ec99c1b0d2d3ab5c59c4547194478377a269d92f9e0dc99831c4c1ad9466c62581ca5ae0381baf915aed1521dc221bc3d
|
data/README.md
CHANGED
@@ -11,17 +11,17 @@ This analyzer is considered experimental. While it may be useful and provide val
|
|
11
11
|
## Parameters
|
12
12
|
|
13
13
|
| **Key** | **Description** | **Default** |
|
14
|
-
|
|
14
|
+
| ------- |---------------- | ----------- |
|
15
15
|
| `skip_spm_analysis` | Skip analysis of `SPM` dependencies | `false` |
|
16
16
|
| `skip_pods_analysis` | Skip analysis of `CocoaPods` dependencies | `false` |
|
17
17
|
| `spm_checkouts_path` | Path to Swift Packages, if they are resolved | |
|
18
|
-
| `pod_file_lock_path` | Path to the `Podfile.lock` file. **Not implemented** | |
|
18
|
+
| `pod_file_lock_path` | Path to the `Podfile.lock` file. **Not implemented yet** | |
|
19
19
|
| `project_path` | Path to the directory that contains an Xcode project, workspace or package. Defaults to the `root` | |
|
20
20
|
| `project_name` | The project's name | `DependencyCheck` |
|
21
21
|
| `output_directory` | The directory in which all reports will be stored | dependency-check |
|
22
22
|
| `output_types` | Comma separated list of the output types (e.g. `html`, `xml`, `csv`, `json`, `junit`, `sarif`, `all`) | `sarif` |
|
23
|
-
| `cli_version` |
|
24
|
-
| `
|
23
|
+
| `cli_version` | Overwrite the version of `DependencyCheck` analyzer | `6.1.6` |
|
24
|
+
| `gpg_key` | Overwrite the GPG key to verify the cryptographic integrity of the requested `cli_version` | |
|
25
25
|
| `verbose` | The file path to write verbose logging information | |
|
26
26
|
| `fail_on_cvss` | Specifies if the build should be failed if a CVSS score above a specified level is identified. Since the CVSS scores are 0-10, by default the build will never fail | |
|
27
27
|
| `junit_fail_on_cvss` | Specifies the CVSS score that is considered a failure when generating the junit report | |
|
@@ -108,20 +108,20 @@ module Fastlane
|
|
108
108
|
key: :output_types,
|
109
109
|
description: 'Comma separated list of the output types (e.g. html, xml, csv, json, junit, sarif, all)',
|
110
110
|
optional: true,
|
111
|
-
default_value: '
|
111
|
+
default_value: 'sarif',
|
112
112
|
is_string: true,
|
113
113
|
type: String
|
114
114
|
),
|
115
115
|
FastlaneCore::ConfigItem.new(
|
116
116
|
key: :cli_version,
|
117
|
-
description: '
|
117
|
+
description: 'Overwrite the version of DependencyCheck analyzer. Not recommended',
|
118
118
|
optional: true,
|
119
119
|
is_string: true,
|
120
120
|
type: String
|
121
121
|
),
|
122
122
|
FastlaneCore::ConfigItem.new(
|
123
|
-
key: :
|
124
|
-
description: '
|
123
|
+
key: :gpg_key,
|
124
|
+
description: 'Overwrite the GPG key to verify the cryptographic integrity of the requested cli_version',
|
125
125
|
optional: true,
|
126
126
|
is_string: true,
|
127
127
|
type: String
|
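Review bot: The new `gpg_key` option (new-side lines 123-127) accepts any string, while the helper interpolates that value unvalidated into a `gpg --recv-keys` shell command, so a value that is not a key fingerprint is neither rejected here nor there; a `verify_block` on the ConfigItem is the natural place to pin the format: `verify_block: proc do |value| UI.user_error!("gpg_key must be a hex key fingerprint") unless value.match?(/\A\h{16,40}\z/) end`. The same applies to `cli_version` (lines 116-121), which the helper splices into the download URL and into file paths under `output_directory`; a `verify_block` such as `value.match?(/\A\d+(\.\d+)*\z/)` would reject anything that is not a dotted version. Consider also giving `gpg_key` a `default_value:` holding the release-signing fingerprint so the helper's fallback ternary becomes unnecessary and the expected key is documented in one place. The enclosing method (presumably `available_options`) starts and ends outside the hunk.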
@@ -11,7 +11,7 @@ module Fastlane
|
|
11
11
|
repo = 'https://github.com/jeremylong/DependencyCheck'
|
12
12
|
name = 'dependency-check'
|
13
13
|
version = params[:cli_version] ? params[:cli_version] : '6.1.6'
|
14
|
-
|
14
|
+
gpg_key = params[:gpg_key] ? params[:gpg_key] : 'F9514E84AE3708288374BBBE097586CFEA37F9A6'
|
15
15
|
base_url = "#{repo}/releases/download/v#{version}/#{name}-#{version}-release"
|
16
16
|
bin_path = "#{params[:output_directory]}/#{name}/bin/#{name}.sh"
|
17
17
|
zip_path = "#{params[:output_directory]}/#{name}.zip"
|
@@ -32,7 +32,7 @@ module Fastlane
|
|
32
32
|
curl = Curl.get(asc_url) { |curl| curl.follow_location = true }
|
33
33
|
File.open(asc_path, 'w+') { |f| f.write(curl.body_str) }
|
34
34
|
|
35
|
-
verify_cryptographic_integrity(asc_path: asc_path,
|
35
|
+
verify_cryptographic_integrity(asc_path: asc_path, gpg_key: gpg_key)
|
36
36
|
|
37
37
|
unzip(file: zip_path, params: params)
|
38
38
|
|
@@ -79,10 +79,10 @@ module Fastlane
|
|
79
79
|
end
|
80
80
|
|
81
81
|
# https://jeremylong.github.io/DependencyCheck/dependency-check-cli/
|
82
|
-
def self.verify_cryptographic_integrity(asc_path:,
|
82
|
+
def self.verify_cryptographic_integrity(asc_path:, gpg_key:)
|
83
83
|
UI.message("🕵️ Verifying the cryptographic integrity")
|
84
84
|
# Import the GPG key used to sign all DependencyCheck releases
|
85
|
-
Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{
|
85
|
+
Actions.sh("gpg --keyserver hkp://keys.gnupg.net --recv-keys #{gpg_key}")
|
86
86
|
# Verify the cryptographic integrity
|
87
87
|
Actions.sh("gpg --verify #{asc_path}")
|
88
88
|
end
|
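Review bot: `verify_cryptographic_integrity` (new-side lines 82-88, fully inside the last hunk) still accepts a signature made by any key present in the local keyring: `gpg --verify` succeeds for whatever key it can find, so importing `gpg_key` first does not bind the check to that key, and the user-supplied `gpg_key` is interpolated into the shell command without any format check. Validate the fingerprint as hex before use, then read gpg's machine-readable status and require a `VALIDSIG` line carrying the requested fingerprint, assuming `Actions.sh` returns the command's stdout as it does elsewhere in fastlane. The `hkp://keys.gnupg.net` SKS pool has, to my knowledge, been retired, so `--recv-keys` against it is likely to fail at runtime; `hkps://keys.openpgp.org` is the usual replacement, but I cannot confirm reachability from here. The `@@ -11` hunk's `params[:gpg_key] ? params[:gpg_key] : '…'` reads more idiomatically as `params[:gpg_key] || '…'`, or better as a `default_value` on the ConfigItem.
```ruby
def self.verify_cryptographic_integrity(asc_path:, gpg_key:)
  UI.message("🕵️ Verifying the cryptographic integrity")
  # Reject anything that is not a key id/fingerprint before it reaches the shell
  UI.user_error!("gpg_key must be a hex key fingerprint") unless gpg_key.match?(/\A\h{16,40}\z/)
  # … unchanged: key import via gpg --recv-keys …
  # Require the signature to come from the requested key, not just any key in the keyring
  status = Actions.sh("gpg --status-fd 1 --verify #{asc_path}")
  UI.user_error!("Signature was not made by key #{gpg_key}") unless status.match?(/^\[GNUPG:\] VALIDSIG .*#{gpg_key}\b/i)
end
```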