OWASP Dependency Check
Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies.

OWASP Dependency Check

Dependency-Check is a software composition analysis utility that identifies project dependencies and checks whether any of them have known, publicly disclosed vulnerabilities. Currently, Java and .NET are supported; additional experimental support has been added for Ruby, Node.js and Python, and limited support exists for C/C++ build systems (autoconf and cmake). The tool can be part of a solution to OWASP Top 10 2017 A9 - Using Components with Known Vulnerabilities (previously OWASP Top 10 2013 A9 - Using Components with Known Vulnerabilities).

The OWASP Dependency Check Azure DevOps Extension enables the following features in an Azure Build Pipeline:

  • Software composition analysis runs against package references during each build

  • Export vulnerability data to HTML, JSON, XML, CSV, JUnit formatted reports

  • Download vulnerability reports from the build's artifacts

Installation and Configuration

  • Install the OWASP Dependency Check extension into your Azure DevOps Organization.

  • Open an Azure DevOps project and browse to the Pipelines / Builds.

  • Press the Edit button to modify the pipeline definition.

  • Press the + icon to add a new OWASP Dependency Check build task.

  • Search for the OWASP Dependency Check task and press the Add button.

  • Configure the build task with the appropriate Dependency Check Command Line Arguments.

Executing Dependency Check

  • Execute the pipeline and wait for the build to complete.

  • Review the build logs and ensure the Dependency Check task completed successfully.

  • Click on the Dependency Check build task to view the build output.

Dependency Check Reports

  • Each of the selected report formats is uploaded to the build's Artifacts for downloading.

  • Select Dependency Check to open the Artifact Explorer and download the Dependency Check reports.

  • Dependency Check supports exporting the results as JUnit formatted test results. To parse the JUnit test results, create a new Publish Test Results build task with the following configuration.

  • View the Tests screen to view the passing and failing Dependency Check tests.
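Of the report formats listed above, JSON is the most convenient one to post-process inside the pipeline itself, for example to print a severity summary in the build log or to fail the build when a finding scores above a CVSS threshold (the same rule the Dependency Check command line exposes as its --failOnCVSS option). The script below is an added example written for this page; it is not part of the extension or of the OWASP Dependency Check project. It assumes the JSON report layout dependencies[].vulnerabilities[] with name, severity, cvssv3.baseScore and cvssv2.score fields, and the embedded sample report is constructed for illustration with placeholder CVE ids, so confirm the field names against a report downloaded from your own build artifacts before relying on it.

```python
"""Summarise an OWASP Dependency Check JSON report and apply a CVSS gate.

Added example, not project code. Usage inside a pipeline step:
    python dc_gate.py dependency-check-report.json 7.0
With no arguments it runs against the constructed sample report below.
"""
import json
import sys
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample report (not real scan output). The field layout
# (dependencies[].vulnerabilities[].name / severity / cvssv3.baseScore /
# cvssv2.score) is an assumption about the Dependency Check JSON schema;
# CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "projectInfo": {"name": "example-app"},
    "dependencies": [
        {
            "fileName": "library-a-1.0.jar",
            "vulnerabilities": [
                {"name": "CVE-PLACEHOLDER-0001", "severity": "CRITICAL",
                 "cvssv3": {"baseScore": 9.8}},
                {"name": "CVE-PLACEHOLDER-0002", "severity": "MEDIUM",
                 "cvssv2": {"score": 5.0}},            # only a v2 score present
            ],
        },
        {
            "fileName": "library-b-2.3.dll",
            "vulnerabilities": [
                {"name": "CVE-PLACEHOLDER-0003", "severity": "LOW",
                 "cvssv3": {"baseScore": 3.1}},
            ],
        },
        {"fileName": "library-c-0.9.whl"},  # clean dependency: no vulnerabilities key
    ],
})


def cvss_score(vuln: dict) -> Optional[float]:
    """Prefer the CVSS v3 base score, fall back to v2, else None (unscored)."""
    v3 = vuln.get("cvssv3") or {}
    if "baseScore" in v3:
        return float(v3["baseScore"])
    v2 = vuln.get("cvssv2") or {}
    if "score" in v2:
        return float(v2["score"])
    return None


def load_findings(report_text: str) -> List[Dict]:
    """Flatten the nested report into one record per (dependency, vulnerability)."""
    report = json.loads(report_text)
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            findings.append({
                "dependency": dep.get("fileName", "<unknown>"),
                "id": vuln.get("name", "<unnamed>"),
                "severity": str(vuln.get("severity", "UNKNOWN")).upper(),
                "score": cvss_score(vuln),
            })
    return findings


def summarize(findings: List[Dict]) -> Dict[str, int]:
    """Count findings per severity label, for the build log."""
    return dict(Counter(f["severity"] for f in findings))


def highest_score(findings: List[Dict]) -> float:
    """Highest CVSS score in the report (0.0 when nothing is scored)."""
    return max((f["score"] for f in findings if f["score"] is not None), default=0.0)


def should_fail(findings: List[Dict], fail_on_cvss: float) -> bool:
    """Gate rule: fail when any scored finding reaches the threshold.
    Unscored findings are reported but do not trip the gate on their own."""
    return any(f["score"] is not None and f["score"] >= fail_on_cvss for f in findings)


def main(argv: List[str]) -> int:
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report_text = fh.read()
    else:
        report_text = SAMPLE_REPORT
    threshold = float(argv[2]) if len(argv) > 2 else 7.0
    findings = load_findings(report_text)
    for f in findings:
        score_txt = "n/a" if f["score"] is None else f"{f['score']:.1f}"
        print(f"{f['severity']:<8} {score_txt:>4} {f['id']:<24} {f['dependency']}")
    print("summary:", summarize(findings))
    if should_fail(findings, threshold):
        print(f"FAIL: highest CVSS score {highest_score(findings)} >= {threshold}")
        return 1
    print("PASS")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a script step after the Dependency Check task, pointing it at the JSON report in the artifact staging directory; a non-zero exit code fails the build, which is the same outcome the JUnit route above gives through the Publish Test Results task but with the threshold under your own control.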

Learn More

More details on configuring and running Dependency Check can be found at https://jeremylong.github.io/DependencyCheck/.

Supported Environments

  • Azure DevOps Agents must be running a Windows agent with PowerShell to execute the build task.

Contributors

Thank you to the following contributor(s) for this extension:

  • Eric Johnson (@emjohn20) - Principal Security Engineer, Puma Security

  • Even Schjølberg, Upheads

© 2019 Microsoft