[Maven] Disable .Net-based Assembly Analyzer with OWASP Dependency Check [Java]

things to do

I'm using the OWASP Dependency Check and the project is Java but .NET Assembly Analyzer could not be initialized and at least one'exe' or'dll' was scanned. The'dotnet' executable could not be found on the path; I was in trouble with the error "either disable the Assembly Analyzer or configure the path dotnet core..

So, disable the .Net family of Assembly Analyzer.

manner

You can do this by disabling ʻassemblyAnalyzerEnabled, nugetconfAnalyzerEnabledandnuspecAnalyzerEnabled` as follows:

<!--abridgement-->
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>5.0.0</version>
    <configuration>
      <!-- .Disable Net content-->
      <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
      <nugetconfAnalyzerEnabled>false</nugetconfAnalyzerEnabled>
      <nuspecAnalyzerEnabled>false</nuspecAnalyzerEnabled>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
</plugin>
<!--abridgement-->

Supplement

See the official documentation below for what can be disabled. If it is Java, it may be okay to cut off the contents related to Golang.

Recommended Posts

[Maven] Disable .Net-based Assembly Analyzer with OWASP Dependency Check [Java]
Try gRPC with Java, Maven
[Java] Element existence check with Stream
Check the operation using jetty with Maven.
OWASP dependency check and authentication proxy and me
Check heap usage with Java Flight Recorder