You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
With the latest versions of the Gradle plugin (8+), it attempts to retrieve data from https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml. Without storing its certificate on our machine, we are unable to access this site directly. Sadly, its certificate is updated almost every day, and we cannot do this process on every machine every day, so we are stuck.
The file above can be added to our internal Artifactory every day. By using hostedSuppressions, everyone will be able to access it. However, in our Artifactory, there are usernames and API tokens/passwords, and the current hostedSuppressions configuration doesn't provide anything besides the URL.
Describe the solution you'd like
Add username and API token/password to the hostedSuppressions.
Describe alternatives you've considered
I don't have any.
Additional context
In the case that you try to run the plugin without making any changes, you will receive these errors (which is indicative of a missing certificate):
Error downloading file https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml; unable to connect.
.
.
.
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.
.
.
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
.
.
.
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In the case that you try to run the plugin with our Artifactory URL,
you will receive these errors (which is indicative of a missing username&password): Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error retrieving https://*****.jfrog.io/artifactory/******/owasp/publishedSuppressions.xml; received response code 401; null
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
With the latest versions of the Gradle plugin (8+), it attempts to retrieve data from https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml. Without storing its certificate on our machine, we are unable to access this site directly. Sadly, its certificate is updated almost every day, and we cannot do this process on every machine every day, so we are stuck.
The file above can be added to our internal Artifactory every day. By using
hostedSuppressions
, everyone will be able to access it. However, in our Artifactory, there are usernames and API tokens/passwords, and the currenthostedSuppressions
configuration doesn't provide anything besides the URL.Describe the solution you'd like
Add username and API token/password to the
hostedSuppressions
.Describe alternatives you've considered
I don't have any.
Additional context
In the case that you try to run the plugin without making any changes, you will receive these errors (which is indicative of a missing certificate):
In the case that you try to run the plugin with our Artifactory URL,
you will receive these errors (which is indicative of a missing username&password):
Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error retrieving https://*****.jfrog.io/artifactory/******/owasp/publishedSuppressions.xml; received response code 401; null
The text was updated successfully, but these errors were encountered: