documentation v1.3.1

Jeremy Long
2015-09-20 07:41:29 -04:00
parent 4fd8873223
commit 191c5fae56
1456 changed files with 125936 additions and 63077 deletions

data/cachenvd.html Normal file

@@ -0,0 +1,335 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Snapshotting the NVD</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:-20px;margin-bottom:5px !important }</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Snapshotting the NVD</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.1
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<span class="icon-chevron-down"></span>
Internet Access Required</a>
<ul class="nav nav-list">
<li>
<a href="../data/proxy.html" title="Proxy">
<span class="none"></span>
Proxy</a>
</li>
<li>
<a href="../data/mirrornvd.html" title="Mirroring NVD">
<span class="none"></span>
Mirroring NVD</a>
</li>
<li class="active">
<a href="#"><span class="none"></span>Snapshotting the NVD</a>
</li>
<li>
<a href="../data/database.html" title="Central DB">
<span class="none"></span>
Central DB</a>
</li>
</ul>
</li>
<li>
<a href="../related.html" title="Related Work">
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Snapshotting the NVD</h1>
<p>The <a href="./mirrornvd.html">Mirroring the NVD from NIST</a> topic describes briefly how to use the <a class="externalLink" href="https://github.com/stevespringett/nist-data-mirror/">Nist-Data-Mirror</a> project to cache the NVD locally and run Dependency Check (D-C) against the local cache.</p>
<p>This topic goes into a bit more depth with the <a href="../dependency-check-cli/index.html">cli</a> client, focusing on the following use case.</p>
<ol style="list-style-type: decimal">
<li>You wish to have daily local snapshots of the NVD, so that</li>
<li>in order to compare later runs of D-C with earlier runs, you can compare &#x201c;apples with apples&#x201d;.</li>
</ol>
<p>In other words: It is sometimes desirable to run a comparison D-C analysis against the same NVD snapshot that an earlier D-C report used.</p>
<p>In the steps below, concrete examples will be given assuming an Ubuntu Linux system. Hopefully, enough explanation is provided that the steps can easily be translated to other systems.</p>
<div class="section">
<h2><a name="Build_Nist-Data-Mirror"></a>Build Nist-Data-Mirror</h2>
<ol style="list-style-type: decimal">
<li>Perform a &#x201c;git clone&#x201d; of <a class="externalLink" href="https://github.com/stevespringett/nist-data-mirror/">Nist-Data-Mirror</a></li>
<li>Install gradle, if necessary. See <a class="externalLink" href="http://gradle.org/gradle-download/">here</a> or your Linux distributions package management system. (e.g., <tt>sudo apt-get install gradle</tt>).</li>
<li>Follow the <a class="externalLink" href="https://github.com/stevespringett/nist-data-mirror/blob/master/README.md#user-content-build">build instructions</a>. You will be left with a build artifact called <tt>nist-data-mirror-1.0.0.jar</tt>.</li>
</ol></div>
<div class="section">
<h2><a name="Set_Up_a_Daily_NVD_Download_Job"></a>Set Up a Daily NVD Download Job</h2>
<p>On Linux, the way to do this using the <a class="externalLink" href="http://linux.die.net/man/8/cron">cron daemon</a>. &#x201c;Cron jobs&#x201d; are configured by invoking <a class="externalLink" href="http://linux.die.net/man/5/crontab">crontab</a>. For example, invoke <tt>crontab -e</tt> to add a line like the following to your crontab file:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">4 5 * * * ~/.local/bin/nvd_download.sh ~/NVD ~/.local/jars
</pre></div></div>
<p>This would run a job on your system at 4:05 AM daily to run the <a href="general/nvd_download.sh">nvd_download.sh</a> shell script with the two given arguments. The script is simple:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">#!/bin/sh
NVD_ROOT=$1/`date -I`
JAR_PATH=$2/nist-data-mirror-1.0.0.jar
java -jar $JAR_PATH $NVD_ROOT
rm $NVD_ROOT/*.xml # D-C works directly with .gz files anyway.
</pre></div></div>
<p>Nist-Data-Mirror will automatically create the directory, download the .xml.gz files, and extract the .xml files alongside them. Given the parameters in the cron example above, the new directory will be <tt>~/NVD/2015-08-03</tt> if executed on August 3<sup>rd</sup>, 2015. The download for 2015-08-03 pulled 47 MiB, and took up a total of 668 MiB after extracting from the compressed archive format. It turns out that D-C works directly with the .xml.gz files, so the above script preserves disk space by deleting the .xml files.</p></div>
<div class="section">
<h2><a name="Invoke_the_Command-Line_Using_a_Specific_Daily_Snapshot"></a>Invoke the Command-Line Using a Specific Daily Snapshot</h2>
<p>An example script named <a href="general/dep-check-date.sh">dep-check-date.sh</a> is shown below, which facilitates a D-C scan against an arbitrary NVD snapshot:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">#!/bin/sh
CLI_LOCATION=~/.local/dependency-check-1.2.11
CLI_SCRIPT=$CLI_LOCATION/bin/dependency-check.sh
NVD_PATH=$1/`date -I -d $2`
NVD=file://$NVD_PATH
shift 2 # We've used the first two params. The rest go to CLI_SCRIPT.
$CLI_SCRIPT --cveUrl20Base $NVD/nvdcve-2.0-%d.xml.gz \
--cveUrl12Base $NVD/nvdcve-%d.xml.gz \
--cveUrl20Modified $NVD/nvdcve-2.0-Modified.xml.gz \
--cveUrl12Modified $NVD/nvdcve-Modified.xml.gz \
--data $NVD_PATH $@
</pre></div></div>
<p>The script takes advantage of the <tt>date</tt> command&#x2019;s ability to parse a variety of date formats. The following invokation would successfully point to the <tt>~/NVD/2015-08-03</tt> folder.</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">$ ./dep-check-date.sh ~/NVD &quot;08/03/2015&quot; -app Foo -scan /path/to/Foo --out ~/DCreports/FooFollowup/
</pre></div></div>
<p>If today happened to be August 4th, 2015, <tt>&quot;yesterday&quot;</tt> also would have worked. Also notice the usage of the <tt>--data</tt> parameter. This places the H2 database file directly in the folder alongside the .xml.gz files. This is critical, so that D-C doesn&#x2019;t run against another version of the database, like the usual default in <tt>$CLI_LOCATION/data</tt>.</p></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>
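Review bot: the crontab example `4 5 * * *` does not match the paragraph that follows it. Cron reads the fields as minute then hour, so this entry fires at 05:04, not at "4:05 AM daily"; use `5 4 * * *` or correct the sentence.

In nvd_download.sh, `rm $NVD_ROOT/*.xml` runs even when `java -jar $JAR_PATH $NVD_ROOT` fails, and nothing reports the failure, so an incomplete download leaves a dated folder that looks like a valid snapshot for later comparison runs. Chain the cleanup on success (`java -jar "$JAR_PATH" "$NVD_ROOT" && rm "$NVD_ROOT"/*.xml`) and quote the expansions. In dep-check-date.sh, `date -I -d $2` and the trailing `$@` are unquoted, so a multi-word date such as "last monday" or a scan path containing spaces is split into separate arguments, which undercuts the stated point that `date` accepts a variety of formats; use `"$2"` and `"$@"`. The same script hard-codes `dependency-check-1.2.11` on a page published for version 1.3.1. The two script links use `general/...` while the sidebar on this page under data/ uses `../general/...`, so check that they resolve. Wording: "the way to do this using the cron daemon" is missing "is", "invokation" should be "invocation", and "distributions package management system" needs the possessive.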


@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Using a Database Server</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Using a Database Server</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
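Review bot: the "Generated by Apache Maven Doxia at" comment and the Date-Revision-yyyymmdd meta tag at the top of this file carry the build date, so every regenerated page differs from its previous revision even when its content is unchanged. That is a large share of the 1456 changed files here and makes the real documentation changes hard to review. Consider publishing the generated site from the build rather than committing it alongside the source, or removing the date stamps from the generated output if the site tooling allows it.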
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,65 +72,72 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
Internet Access Required</a>
<ul class="nav nav-list">
<li>
<a href="../data/proxy.html" title="Proxy">
<i class="none"></i>
<span class="none"></span>
Proxy</a>
</li>
<li>
<a href="../data/mirrornvd.html" title="Mirroring NVD">
<i class="none"></i>
<span class="none"></span>
Mirroring NVD</a>
</li>
<li>
<a href="../data/cachenvd.html" title="Snapshotting the NVD">
<span class="none"></span>
Snapshotting the NVD</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Central DB</a>
<a href="#"><span class="none"></span>Central DB</a>
</li>
</ul>
</li>
@@ -138,54 +145,68 @@
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -226,7 +247,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Using a Database Server</h1>
<p><font color="red"><b>WARNING: This discusses an advanced setup and you may run into issues.</b></font></p>
@@ -267,15 +288,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>


@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Internet Access Required</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Internet Access Required</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,64 +72,71 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li class="active">
<a href="#"><i class="icon-chevron-down"></i>Internet Access Required</a>
<a href="#"><span class="icon-chevron-down"></span>Internet Access Required</a>
<ul class="nav nav-list">
<li>
<a href="../data/proxy.html" title="Proxy">
<i class="none"></i>
<span class="none"></span>
Proxy</a>
</li>
<li>
<a href="../data/mirrornvd.html" title="Mirroring NVD">
<i class="none"></i>
<span class="none"></span>
Mirroring NVD</a>
</li>
<li>
<a href="../data/cachenvd.html" title="Snapshotting the NVD">
<span class="none"></span>
Snapshotting the NVD</a>
</li>
<li>
<a href="../data/database.html" title="Central DB">
<i class="none"></i>
<span class="none"></span>
Central DB</a>
</li>
</ul>
@@ -138,54 +145,68 @@
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -226,12 +247,12 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Internet Access Required</h1>
<p>There are two reasons dependency-check needs access to the Internet. Below you will find a discussion of each problem and possibly resolutions if you are facing organizational constraints.</p>
<div class="section">
<h2>Local NVD Database<a name="Local_NVD_Database"></a></h2>
<h2><a name="Local_NVD_Database"></a>Local NVD Database</h2>
<p>OWASP dependency-check maintains a local copy of the NVD data hosted by NIST. By default, a local <a class="externalLink" href="http://www.h2database.com/html/main.html">H2 database</a> instance is used. As each instance maintains its own copy of the NVD the machine will need access to nvd.nist.gov in order to download the NVD data feeds. While the initial download of the NVD data feed is large, if after the initial download the tool is run at least once every seven days only two small XML files containing the recent modifications will need to be downloaded.</p>
<p>If your build servers are using dependency-check and are unable to access the Internet you have a few options:</p>
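Review bot: in the intro paragraph directly above the changed heading, "possibly resolutions" should read "possible resolutions". The page is being regenerated anyway, so fix it in the page source. The H2 database link in the paragraph under the heading also still points at http://www.h2database.com, while this commit moves the GitHub ribbon link to https.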
@@ -244,7 +265,7 @@
<li>Use a more robust <a href="./database.html">centralized database</a> with a single update node</li>
</ol></div>
<div class="section">
<h2>Downloading Additional Information<a name="Downloading_Additional_Information"></a></h2>
<h2><a name="Downloading_Additional_Information"></a>Downloading Additional Information</h2>
<p>If the machine that is running dependency-check cannot reach the <a class="externalLink" href="http://search.maven.org">Central Repository</a> the analysis may result in false negatives. This is because some POM files, that are not contained within the JAR file itself, contain evidence that is used to accurately identify a library. If Central cannot be reached, it is highly recommended to setup a Nexus server within your organization and to configure dependency-check to use the local Nexus server. <b>Note</b>, even with a Nexus server setup I have seen dependency-check be re-directed to other repositories on the Internet to download the actual POM file.</p></div>
</div>
</div>
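Review bot: the Central Repository link in the paragraph under the changed heading still uses http://search.maven.org, although the same commit switches the GitHub ribbon link to https. This paragraph tells users where dependency-check fetches POM evidence from, so the link should use https if the site serves it. In the same paragraph, "to setup a Nexus server" should be "to set up", and "re-directed" is normally written "redirected".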
@@ -255,15 +276,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>


@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Mirroring the NVD from NIST</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Mirroring the NVD from NIST</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,64 +72,71 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
Internet Access Required</a>
<ul class="nav nav-list">
<li>
<a href="../data/proxy.html" title="Proxy">
<i class="none"></i>
<span class="none"></span>
Proxy</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Mirroring NVD</a>
<a href="#"><span class="none"></span>Mirroring NVD</a>
</li>
<li>
<a href="../data/cachenvd.html" title="Snapshotting the NVD">
<span class="none"></span>
Snapshotting the NVD</a>
</li>
<li>
<a href="../data/database.html" title="Central DB">
<i class="none"></i>
<span class="none"></span>
Central DB</a>
</li>
</ul>
@@ -138,54 +145,68 @@
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -226,7 +247,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Mirroring the NVD from NIST</h1>
<p>Several organizations have opted to mirror the NVD on an internal server and have the dependency-check clients simply pull the updates from the mirror. This setup is fairly simple:</p>
@@ -267,15 +288,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>


@@ -1,21 +1,21 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2015-08-04
| Rendered using Apache Maven Fluido Skin 1.3.1
| Generated by Apache Maven Doxia at 2015-09-20
| Rendered using Apache Maven Fluido Skin 1.4
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20150804" />
<meta name="Date-Revision-yyyymmdd" content="20150920" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Proxy Configuration</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.1.min.css" />
<title>dependency-check &#x2013; Proxy Configuration</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.4.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.3.1.min.js"></script>
<script type="text/javascript" src="../js/apache-maven-fluido-1.4.min.js"></script>
@@ -29,7 +29,7 @@
<a href="http://github.com/jeremylong/DependencyCheck">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-08-04</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-09-20</li>
<li id="projectVersion" class="pull-right">
Version: 1.3.0
Version: 1.3.1
</li>
</ul>
@@ -72,64 +72,71 @@
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
General</a>
<ul class="nav nav-list">
<li>
<a href="../general/internals.html" title="How it Works">
<i class="none"></i>
<span class="none"></span>
How it Works</a>
</li>
<li>
<a href="../general/thereport.html" title="Reading the Report">
<i class="none"></i>
<span class="none"></span>
Reading the Report</a>
</li>
<li>
<a href="../general/suppression.html" title="False Positives">
<i class="none"></i>
<span class="none"></span>
False Positives</a>
</li>
<li>
<a href="../data/index.html" title="Internet Access Required">
<i class="icon-chevron-down"></i>
<span class="icon-chevron-down"></span>
Internet Access Required</a>
<ul class="nav nav-list">
<li class="active">
<a href="#"><i class="none"></i>Proxy</a>
<a href="#"><span class="none"></span>Proxy</a>
</li>
<li>
<a href="../data/mirrornvd.html" title="Mirroring NVD">
<i class="none"></i>
<span class="none"></span>
Mirroring NVD</a>
</li>
<li>
<a href="../data/cachenvd.html" title="Snapshotting the NVD">
<span class="none"></span>
Snapshotting the NVD</a>
</li>
<li>
<a href="../data/database.html" title="Central DB">
<i class="none"></i>
<span class="none"></span>
Central DB</a>
</li>
</ul>
@@ -138,54 +145,68 @@
<li>
<a href="../related.html" title="Related Work">
<i class="none"></i>
<span class="none"></span>
Related Work</a>
</li>
<li>
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pptx)</a>
</li>
<li>
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
<span class="none"></span>
Project Presentation (pdf)</a>
</li>
<li>
<a href="../general/SampleReport.html" title="Sample Report">
<i class="none"></i>
<span class="none"></span>
Sample Report</a>
</li>
<li>
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
<span class="none"></span>
How to Scan an ISO Image</a>
</li>
</ul>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Modules</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
@@ -226,7 +247,7 @@
</div>
<div id="bodyColumn" class="span9" >
<div id="bodyColumn" class="span10" >
<h1>Proxy Configuration</h1>
<p>All of the dependency-check clients (CLI, Maven, Ant, Jenkins) can be configured to use a proxy to connect to the Internet. See the configuration settings for each:</p>
@@ -249,15 +270,14 @@
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2015
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</div>
</footer>
</body>