diff --git a/index.js b/index.js index 35b6b1f..56371ab 100755 --- a/index.js +++ b/index.js @@ -7,7 +7,8 @@ program .allowUnknownOption() .option('-o, --out ', 'the folder to write reports to', './dependency-check-reports') .option('--bin ', 'directory to which the dependency-check CLI will be installed', './dependency-check-bin') - .option('--force-install', 'install the dependency-check CLI even if there already is one (will be overwritten)'); + .option('--force-install', 'install the dependency-check CLI even if there already is one (will be overwritten)') + .option('--odc-version ', 'the version of the dependency-check CLI to install in format "v1.2.3" or "latest"', 'latest'); program.addHelpText('after', ` You can also use any arguments supported by the Owasp Dependency Check CLI tool, see: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html diff --git a/lib/utils.js b/lib/utils.js index a9f314d..6c7e652 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -11,10 +11,11 @@ const extract = require('extract-zip'); const IS_WIN = os.platform() === 'win32'; const NAME_RE = /^dependency\-check\-\d\.\d\.\d\-release\.zip$/; -const RELEASE_URL = 'https://api.github.com/repos/jeremylong/DependencyCheck/releases/latest'; +const LATEST_RELEASE_URL = 'https://api.github.com/repos/jeremylong/DependencyCheck/releases/latest'; +const TAG_RELEASE_URL = 'https://api.github.com/repos/jeremylong/DependencyCheck/releases/tags/'; function getBinDir() { - return path.resolve(process.cwd(), program.opts().bin); + return path.resolve(process.cwd(), program.opts().bin, program.opts().odcVersion); } function getCmdArguments() { @@ -69,7 +70,9 @@ async function install() { cleanDir(binDir); - const res = await fetch(RELEASE_URL); + // if odc version is latest use latest URL, otherwise use version URL + const url = program.opts().odcVersion === 'latest' ? LATEST_RELEASE_URL : TAG_RELEASE_URL + program.opts().odcVersion; + const res = await fetch(url); const json = await res.json(); const asset = json.assets.find(a => NAME_RE.test(a.name));