Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

authentication credentials for hostedSuppressionsUrl #5387

Open
robocrock opened this issue Jan 26, 2023 · 3 comments
Open

authentication credentials for hostedSuppressionsUrl #5387

robocrock opened this issue Jan 26, 2023 · 3 comments

Comments

@robocrock
Copy link

robocrock commented Jan 26, 2023

Hi!

We are running the dependency checker as maven plugin in a ci/cd-runner without internet access. The runner has however access to a local service which is able to mirror the suppression-url. The service requires authentication in order to access the url.

It seems when specifying the hostedSuppressionsUrl setting, the plugin is trying to access the local service, but it seems the suppressionFileUser and suppressionFilePassword is not used when accessing hostedSuppressionsUrl?

It it possible to specify username and password/access-token in any way for the hostedSuppressionsUrl, or is it something that would be considered useful in an upcominge update?

@aikebah
Copy link
Collaborator

aikebah commented Jan 26, 2023

As we already support a similar case for retireJS mirrors with the retireJsUser/Password parameters I think this is a valid enhancement request.

@robocrock
Copy link
Author

If this is accepted, then maybe if it is not too much more work, the same could be configured for the knownExploitedUrl also? We currently have this disabled for the same reason, that username and password/access-token cannot be specified.

@YaroslavYakymenko
Copy link

We created an artifactory mirror for the CISA website but authentication for knownExploitedUrl is not supported.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants