Are SWIFT Package.resolved files supported?

Hi,

In the documentation I see that Package.swift / Package.resolved files should be supported (with the experimental flag). See link: https://jeremylong.github.io/DependencyCheck/analyzers/swift.html

When trying to scan by using the following command:

dependency-check --enableExperimental --project myProject --out . --scan path/to/Package.resolved --format HTML --failOnCVSS 0

I see no Info in the logs that the file was analyzed nor do I see any scanned dependency in the HTML output. Output:

[INFO] Checking for updates
[INFO] Skipping NVD check since last check was within 4 hours.
[INFO] Skipping RetireJS update since last update was within 24 hours.
[INFO] Check for updates complete (152 ms)
[INFO]
 
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
 
 
   About ODC: https://jeremylong.github.io/DependencyCheck/general/internals.html
   False Positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
 
💖 Sponsor: https://github.com/sponsors/jeremylong
 
 
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished Dependency Merging Analyzer (0 seconds)
[INFO] Finished Version Filter Analyzer (0 seconds)
[INFO] Finished Hint Analyzer (0 seconds)
[INFO] Created CPE Index (2 seconds)
[INFO] Finished NPM CPE Analyzer (2 seconds)
[INFO] Created CPE Index (1 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished False Positive Analyzer (0 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Finished Sonatype OSS Index Analyzer (0 seconds)
[INFO] Finished Vulnerability Suppression Analyzer (0 seconds)
[INFO] Finished Dependency Bundling Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
[INFO] Writing report to: /Users/orschaef/.../dependency-check-report.html

The dependency-check version used is 6.4.1, installed via Homebrew.

Am I missing something here, or is this simply not supported? (Just Package.swift files?)

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

1 reaction
jeremylong commented, Oct 31, 2021

Apparently a stupid mistake was made when the Swift Resolved Analyzer was added - the fix will be included in the next release.

0 reactions
orschaef commented, Nov 2, 2021

Thanks!
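
A pre-flight check for the silent miss described in this issue, as an added example (not part of the original issue and not Dependency-Check code): it lists the pins in a Package.resolved file and flags a scan log in which no Swift analyzer reported. The sample lock file is constructed, the pin field names follow SwiftPM's version 1 and version 2 layouts, and matching on "swift" in the analyzer's log name is an assumption.

```python
import json
import re

# Constructed sample in the version 1 Package.resolved layout (not from the issue).
SAMPLE_RESOLVED = """{"object": {"pins": [
  {"package": "ExampleKit",
   "repositoryURL": "https://example.invalid/ExampleKit.git",
   "state": {"branch": null, "revision": "0000000", "version": "1.2.3"}}
]}, "version": 1}"""

# Analyzer lines in the format of the log quoted in the issue (abridged).
SAMPLE_LOG = """\
[INFO] Analysis Started
[INFO] Finished File Name Analyzer (0 seconds)
[INFO] Finished CPE Analyzer (1 seconds)
[INFO] Finished NVD CVE Analyzer (0 seconds)
[INFO] Analysis Complete (4 seconds)
"""

def resolved_pins(text):
    """Return (name, version, url) per pin; handles layout versions 1 and 2."""
    doc = json.loads(text)
    pins = doc.get("object", doc).get("pins", [])  # v1 nests pins under "object"
    out = []
    for p in pins:
        name = p.get("package") or p.get("identity")
        url = p.get("repositoryURL") or p.get("location")
        state = p.get("state", {})
        # Branch or revision pins carry no version; fall back to the revision.
        out.append((name, state.get("version") or state.get("revision"), url))
    return out

def analyzers_run(log):
    """Names taken from '[INFO] Finished <name> (<n> seconds)' lines."""
    return re.findall(r"^\[INFO\] Finished (.+?) \(\d+ seconds\)$", log, re.M)

def silent_miss(resolved_text, log, marker="swift"):
    """True when the lock file has pins but no analyzer whose name contains
    `marker` ran. Assumption: the Swift analyzer's log name contains 'Swift'."""
    ran = any(marker in name.lower() for name in analyzers_run(log))
    return bool(resolved_pins(resolved_text)) and not ran

if __name__ == "__main__":
    print(resolved_pins(SAMPLE_RESOLVED), silent_miss(SAMPLE_RESOLVED, SAMPLE_LOG))
```

Run as a CI step after the scan, a true result from silent_miss means the report's empty dependency list should not be read as a clean result.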
