From 3abe41580534d10d99dfcc313658b4b253321d4e Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 5 Jan 2018 06:32:28 -0500 Subject: [PATCH] updates to resolve #1050 and #1051 --- README.md | 7 +++++-- .../taskdefs/DependencyCheckTaskTest.java | 2 +- .../src/site/markdown/index.md.vm | 13 +++++++++---- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index fbc769d96..ea58e4761 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,10 @@ $ dependency-check --project Testing --out . --scan [path to jar files to be sca ### Maven Plugin More detailed instructions can be found on the [dependency-check-maven github pages](http://jeremylong.github.io/DependencyCheck/dependency-check-maven). -The plugin can be configured using the following: +By default, the plugin is tied to the `verify` phase (i.e. `mvn verify`). Alternatively, +one can directly invoke the plugin via `mvn org.owasp:dependency-check-maven:check`. + +The dependency-check plugin can be configured using the following: ```xml @@ -97,7 +100,7 @@ On Windows > .\dependency-check-cli\target\release\bin\dependency-check.bat --project Testing --out . --scan ./src/test/resources ``` -Then load the resulting 'DependencyCheck-Report.html' into your favorite browser. +Then load the resulting 'dependency-check-report.html' into your favorite browser. ### Docker diff --git a/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java b/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java index 96d6477e5..ef74bde83 100644 --- a/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java +++ b/dependency-check-ant/src/test/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTaskTest.java 
@@ -57,7 +57,7 @@ public class DependencyCheckTaskTest extends BaseDBTestCase { public void testAddFileSet() throws Exception { File report = new File("target/dependency-check-report.html"); if (report.exists() && !report.delete()) { - throw new Exception("Unable to delete 'target/DependencyCheck-Report.html' prior to test."); + throw new Exception("Unable to delete 'target/dependency-check-report.html' prior to test."); } buildFileRule.executeTarget("test.fileset"); assertTrue("DependencyCheck report was not generated", report.exists()); diff --git a/dependency-check-maven/src/site/markdown/index.md.vm b/dependency-check-maven/src/site/markdown/index.md.vm index c17a27d5e..945301c25 100644 --- a/dependency-check-maven/src/site/markdown/index.md.vm +++ b/dependency-check-maven/src/site/markdown/index.md.vm @@ -10,10 +10,15 @@ Vulnerability Database (NVD) hosted by NIST: https://nvd.nist.gov After the first batch download, as long as the plug-in is executed at least once every seven days the update will only take a few seconds. +### Default Phase +The dependency-check plugin is, by default, tied to the `verify` or `site` phase +depending on if it is configured as a build or reporting plugin. The examples +below can be executed using `mvn verify` or in the reporting example `mvn site`. + #set( $H = '#' ) $H$H$H Example 1: -Create the DependencyCheck-report.html in the target directory. +Create the dependency-check-report.html in the target directory. ```xml @@ -73,7 +78,7 @@ Create an aggregated dependency-check report within the site. ``` $H$H$H Example 3: -Create the DependencyCheck-report.html and fail the build for CVSS greater than or equal to 8. +Create the dependency-check-report.html and fail the build for CVSS greater than or equal to 8. ```xml 
@@ -106,7 +111,7 @@ Create the DependencyCheck-report.html and fail the build for CVSS greater than ``` $H$H$H Example 4: -Create the DependencyCheck-report.html and skip artifacts not bundled in distribution (Provided and Runtime scope). +Create the dependency-check-report.html and skip artifacts not bundled in distribution (Provided and Runtime scope). ```xml @@ -140,7 +145,7 @@ Create the DependencyCheck-report.html and skip artifacts not bundled in distrib ``` $H$H$H Example 5: -Create the DependencyCheck-report.html and use internal mirroring of CVE contents. +Create the dependency-check-report.html and use internal mirroring of CVE contents. ```xml
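Review bot: In the README.md hunk at `@@ -42,7 +42,10`, the added sentence says the plugin is tied to the `verify` phase only, while the "Default Phase" text this same patch adds to index.md.vm says `verify` or `site`, depending on whether it is configured as a build or reporting plugin. Suggest either mentioning the reporting case in the README as well or qualifying the sentence as applying to the build-plugin configuration, so the two documents agree.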
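Review bot: In the DependencyCheckTaskTest.java hunk, `testAddFileSet` repeats the report path as a string literal in the exception message even though the same path is already passed to `new File("target/dependency-check-report.html")` two lines above, which is how the message and the real file name came to disagree. Suggest building the message from `report.getPath()` so that a future rename of the report needs only one edit.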
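Review bot: In the index.md.vm hunk at `@@ -10,10 +10,15`, the new heading is written as a literal `### Default Phase` and sits above `#set( $H = '#' )`, whereas every other heading in this template is written as `$H$H$H ...`. Velocity treats `##` as the start of a line comment, so this heading is likely to be dropped from the rendered site page. Suggest moving the `#set` line above the new section and writing the heading as `$H$H$H Default Phase`. As a smaller wording point in the same hunk, "depending on if" reads better as "depending on whether".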