{"id":25519662,"url":"https://github.com/aligent/owasp-dependency-check-pipe","last_synced_at":"2025-04-11T00:32:57.799Z","repository":{"id":39416867,"uuid":"426072761","full_name":"aligent/owasp-dependency-check-pipe","owner":"aligent","description":null,"archived":false,"fork":false,"pushed_at":"2025-01-13T01:14:57.000Z","size":85,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-04-02T23:46:09.520Z","etag":null,"topics":["pipe"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aligent.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-09T03:04:21.000Z","updated_at":"2025-01-13T01:15:01.000Z","dependencies_parsed_at":"2022-09-20T02:41:26.004Z","dependency_job_id":"51e613fe-2b70-4fd5-82f4-217b803f9c9c","html_url":"https://github.com/aligent/owasp-dependency-check-pipe","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aligent%2Fowasp-dependency-check-pipe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aligent%2Fowasp-dependency-check-pipe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aligent%2Fowasp-dependency-check-pipe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aligent%2Fowasp-dependency-check-pipe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aligent","download_url":"https://codeload.github.com/aligent/owasp-dependency-check-pipe/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248322770,"owners_count":21084336,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pipe"],"created_at":"2025-02-19T17:29:18.059Z","updated_at":"2025-04-11T00:32:57.778Z","avatar_url":"https://github.com/aligent.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OWASP Dependency Check Pipe\n\nThis pipe is used to perform OWASP dependency checks using [jeremylong/DependencyCheck](https://github.com/jeremylong/DependencyCheck).\n\n## YAML Definition\n\nAdd the following to your `bitbucket-pipelines.yml` file:\n\n```yaml\n      - step:\n          name: \"Code Standards check\"\n          script:\n            - pipe: docker://aligent/owasp-dependency-check-pipe\n              variables:\n                SCAN_PATH: \"./composer.lock\"\n                CVSS_FAIL_LEVEL: \"1\"\n```\n\n## Variables\n\n| Variable              | Usage                                                       |\n| --------------------- | ----------------------------------------------------------- |\n| SCAN_PATH             | Relative paths to scan. Default: repository root. |\n| CVSS_FAIL_LEVEL       | (Optional) If set to a score between 0 and 10, the exit code from dependency-check will indicate whether a vulnerability with a CVSS score equal to or higher than this value was identified. |\n| SUPPRESSION_FILE_PATH | (Optional) Path to a [suppression list](https://jeremylong.github.io/DependencyCheck/general/suppression.html). |\n| DISABLE_OSSINDEX      | (Optional) Disable OSS Index analysis. Boolean. |\n| OSSINDEX_USERNAME     | (Optional) OSS Index username. Disregarded when DISABLE_OSSINDEX is set to `true`. |\n| OSSINDEX_PASSWORD     | (Optional) OSS Index password. Disregarded when DISABLE_OSSINDEX is set to `true`. |\n| NVD_API_KEY           | (Optional) API key for the NVD. |\n| OUTPUT_PATH           | (Optional) Path to which test results are written. |\n| UPDATE_DB             | (Optional) Pass `true` if the database should be updated. Defaults to `false`. |\n| EXTRA_ARGS            | (Optional) Extra arguments to pass to dependency-check, e.g. `--disableRetireJS`. |\n\n⚠️ For npm/yarn projects, you should provide the directory containing `package-lock.json` or `yarn.lock` and `node_modules` as `SCAN_PATH`.\n\n## Development\n\nThe following command, run with a world-writable `test-results` directory under the project root, can be used to invoke the pipe locally:\n\n```bash\ndocker run --rm -e OUTPUT_PATH=\"/tmp/test-results/\" -e CVSS_FAIL_LEVEL=1 -e SCAN_PATH=./composer.lock -v $PWD:/build --workdir=/build aligent/owasp-dependency-check-pipe\n```\n\nCommits published to the `main` branch will trigger an automated build.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faligent%2Fowasp-dependency-check-pipe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faligent%2Fowasp-dependency-check-pipe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faligent%2Fowasp-dependency-check-pipe/lists"}