github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 08:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

documentation version 1.4.2

Browse Source
This commit is contained in:
Jeremy Long
2016-07-31 08:10:07 -04:00
parent 6193968089
commit 44917ad0d3
1319 changed files with 93942 additions and 60498 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
data/database.html
View File

@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-06-16
| Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2016-07-31
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20160616" />
<meta name="Date-Revision-yyyymmdd" content="20160731" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Using a Database Server</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.5.min.css" />
@@ -59,9 +59,9 @@
<li class="active ">Using a Database Server</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2016-06-16</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2016-07-31</li>
<li id="projectVersion" class="pull-right">
Version: 1.4.0
Version: 1.4.2
</li>
</ul>
@@ -244,11 +244,12 @@
<h1>Using a Database Server</h1>
<p><font color="red"><b>WARNING: This discusses an advanced setup and you may run into issues.</b></font></p>
<p>Out of the box dependency-check uses a local H2 database. The location of the database file is configured using the data directory configuration option (see <a class="externalLink" href="https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html">CLI</a>).</p>
<p>Some organizations may want to use a more robust centralized database. Currently, <a class="externalLink" href="http://www.h2database.com/html/tutorial.html#using_server">H2 in server mode</a>, MySQL, PostgreSQL, Oracle, and MS SQL Server have been tested. In general, the setup is done by creating a central database, setting up a single instance of dependency-check, which can connect to the Internet, that is run in update-only mode once a day. Then the other dependency-check clients can connect, using a read-only connection, to perform the analysis. Please note that if the clients are unable to access the Internet the analysis may result in a few false negatives; see the note about Central <a href="./index.html">here</a>.</p>
<p>Some organizations may want to use a more robust centralized database. Currently, <a class="externalLink" href="http://www.h2database.com/html/tutorial.html#using_server">H2 in server mode</a>, MySQL, MariaDB, PostgreSQL, Oracle, and MS SQL Server have been tested. In general, the setup is done by creating a central database, setting up a single instance of dependency-check, which can connect to the Internet, that is run in update-only mode once a day. Then the other dependency-check clients can connect, using a read-only connection, to perform the analysis. Please note that if the clients are unable to access the Internet the analysis may result in a few false negatives; see the note about Central <a href="./index.html">here</a>.</p>
<p>To setup a centralized database the following generalized steps can be used:</p>
<ol style="list-style-type: decimal">
<li>Create the database and tables using either one of the intialization scripts found <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/tree/master/dependency-check-core/src/main/resources/data">here</a>.</li>
<li>Create the database and tables using either <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/blob/master/dependency-check-core/src/main/resources/data/initialize.sql">initialize.sql</a>
or one of the other initialization scripts <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/tree/master/dependency-check-core/src/main/resources/data">found here</a>.</li>
<li>The account that the clients will connect using must have select granted on the tables.
@@ -268,9 +269,52 @@
<li>The connection string, database user name, and the database user's password will also need to be configured.</li>
</ul>
</li></ol>
<p>Depending on the database being used, you may need to customize the <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/blob/master/dependency-check-core/src/main/resources/data/dbStatements.properties">dbStatements.properties</a>. Alternatively to modifying the dbStatements.properties it is now possible to use a dialect file to support other databases. See <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/blob/master/dependency-check-core/src/main/resources/data/dbStatements_h2.properties">dbStatements_h2.properties</a> as an example.</p>
<p>Depending on the database being used, you may need to customize the <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/blob/master/dependency-check-core/src/main/resources/data/dbStatements.properties">dbStatements.properties</a>. Alternatively to modifying the dbStatements.properties it is possible to use a dialect file to support other databases. See <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/blob/master/dependency-check-core/src/main/resources/data/dbStatements_h2.properties">dbStatements_h2.properties</a> as an example.</p>
<p>Also, if using an external database you will need to manually upgrade the schema. See <a href="./upgrade.html">database upgrades</a> for more information.</p>
<p>As always, feel free to open an <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/issues">issue</a> or post a question to the <a class="externalLink" href="https://groups.google.com/forum/#!forum/dependency-check">dependency-check google group</a>.</p>
<div class="section">
<h2><a name="Examples"></a>Examples</h2>
<p>The following example shows how to use the Maven plugin with MariaDB:</p>
<div class="source">
<div class="source"><pre class="prettyprint linenums">&lt;project&gt;
&lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt;
&lt;groupId&gt;dummy&lt;/groupId&gt;
&lt;artifactId&gt;dummy&lt;/artifactId&gt;
&lt;version&gt;1.0-SNAPSHOT&lt;/version&gt;
&lt;build&gt;
&lt;plugins&gt;
&lt;plugin&gt;
&lt;groupId&gt;org.owasp&lt;/groupId&gt;
&lt;artifactId&gt;dependency-check-maven&lt;/artifactId&gt;
&lt;version&gt;1.4.2&lt;/version&gt;
&lt;dependencies&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.mariadb.jdbc&lt;/groupId&gt;
&lt;artifactId&gt;mariadb-java-client&lt;/artifactId&gt;
&lt;version&gt;1.4.6&lt;/version&gt;
&lt;/dependency&gt;
&lt;/dependencies&gt;
&lt;configuration&gt;
&lt;databaseDriverName&gt;org.mariadb.jdbc.Driver&lt;/databaseDriverName&gt;
&lt;connectionString&gt;jdbc:mariadb://my.cvedb.host/cvedb&lt;/connectionString&gt;
&lt;databaseUser&gt;depscan&lt;/databaseUser&gt;
&lt;databasePassword&gt;NotReallyMyDbPassword&lt;/databasePassword&gt;
&lt;/configuration&gt;
&lt;executions&gt;
&lt;execution&gt;
&lt;goals&gt;
&lt;goal&gt;update-only&lt;/goal&gt;
&lt;/goals&gt;
&lt;/execution&gt;
&lt;/executions&gt;
&lt;/plugin&gt;
&lt;/plugins&gt;
&lt;/build&gt;
&lt;/project&gt;
</pre></div></div></div>
<div class="section">
<h2><a name="Support"></a>Support</h2>
<p>As always, feel free to open an <a class="externalLink" href="https://github.com/jeremylong/DependencyCheck/issues">issue</a> or post a question to the <a class="externalLink" href="https://groups.google.com/forum/#!forum/dependency-check">dependency-check google group</a>.</p></div>
</div>
</div>
</div>