updates to resolve issue #71 - added configuration for cve urls

Former-commit-id: 4074c6f54b8813166cbc24b8f51b2ab00a861f50
2026-03-18 07:14:09 +01:00 · 2014-02-15 07:50:00 -05:00
parent f16db8298b
commit 22e3b9b544
3 changed files with 97 additions and 10 deletions
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
@@ -23,6 +23,11 @@ connectionString     | The connection string used to connect to the database. |
 databaseUser         | The username used when connecting to the database. |
 databasePassword     | The password used when connecting to the database. |
 zipExtensions        | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |
-skipTestScope | Should be skip analysis for artifacts with Test Scope (default: true) |
-skipProvidedScope | Should be skip analysis for artifacts with Provided Scope (default: false) |
-skipRuntimeScope | Should be skip analysis for artifacts with Runtime Scope (default: false) |
+skipTestScope | Should be skip analysis for artifacts with Test Scope | true
+skipProvidedScope | Should be skip analysis for artifacts with Provided Scope | false
+skipRuntimeScope | Should be skip analysis for artifacts with Runtime Scope | false
+dataDirectory | Data directory to hold SQL CVEs contents. This should generally not be changed. |
+cveUrl12Modified | URL for the modified CVE 1.2 | http://nvd.nist.gov/download/nvdcve-modified.xml
+cveUrl20Modified | URL for the modified CVE 2.0 | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
+cveUrl12Base | Base URL for each year's CVE 1.2, the %d will be replaced with the year | http://nvd.nist.gov/download/nvdcve-%d.xml
+cveUrl20Base | Base URL for each year's CVE 2.0, the %d will be replaced with the year | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml
--- a/dependency-check-maven/src/site/markdown/usage.md.vm
+++ b/dependency-check-maven/src/site/markdown/usage.md.vm
@@ -135,4 +135,38 @@ Create the DependencyCheck-report.html and skip artifacts no bundled in distribu
    ...
 </project>
 ```
+Example 5:
+---------------------
+Create the DependencyCheck-report.html and use internal mirroring of CVE contents
+
+```xml
+<project>
+    <build>
+        <plugins>
+            ...
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>${project.version}</version>
+                <configuration>
+                    <cveUrl12Modified>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-modified.xml</cveUrl12Modified>
+                    <cveUrl20Modified>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-2.0-modified.xml</cveUrl20Modified>
+                    <cveUrl12Base>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-%d.xml</cveUrl12Base>
+                    <cveUrl20Base>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-2.0-%d.xml</cveUrl20Base>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```