Merge branch 'master' of github.com:hgomez/DependencyCheck into hgomez-master

Former-commit-id: 031bd2f2e7c9ff211245654fc594fdb1b8630d9f

dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Settings.java

@@ -153,6 +153,18 @@ public final class Settings {
          * The additional configured zip file extensions, if available.
          */
         public static final String ADDITIONAL_ZIP_EXTENSIONS = "extensions.zip";
+        /**
+         * The properties key for whether Test Scope dependencies should be skipped.
+         */
+        public static final String SKIP_TEST_SCOPE = "skip.test.scope";
+        /**
+         * The properties key for whether Runtime Scope dependencies should be skipped.
+         */
+        public static final String SKIP_RUNTIME_SCOPE = "skip.runtime.scope";
+        /**
+         * The properties key for whether Provided Scope dependencies should be skipped.
+         */
+        public static final String SKIP_PROVIDED_SCOPE = "skip.provided.scope";
     }
     /**
      * The properties file location.

dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java

@@ -233,6 +233,23 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
      */
     @Parameter(property = "zipExtensions", required = false)
     private String zipExtensions;
+    /**
+     * Skip Analisys for Test Scope Dependencies
+     */
+    @Parameter(property = "skipTestScope", defaultValue = "true", required = false)
+    private boolean skipTestScope = true;
+    /**
+     * Skip Analisys for Runtime Scope Dependencies
+     */
+    @Parameter(property = "skipRuntimeScope", defaultValue = "false", required = false)
+    private boolean skipRuntimeScope = false;
+    /**
+     * Skip Analisys for Provided Scope Dependencies
+     */
+    @Parameter(property = "skipProvidedScope", defaultValue = "false", required = false)
+    private boolean skipProvidedScope = false;
+
+
     // </editor-fold>
     /**
      * Executes the Dependency-Check on the dependent libraries.
@@ -248,9 +265,16 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         final Engine engine = new Engine();
         final Set<Artifact> artifacts = project.getArtifacts();
         for (Artifact a : artifacts) {
-            if (!Artifact.SCOPE_TEST.equals(a.getScope()) && !Artifact.SCOPE_PROVIDED.equals(a.getScope()) && !Artifact.SCOPE_RUNTIME.equals(a.getScope())) {
+            if (skipTestScope && Artifact.SCOPE_TEST.equals(a.getScope()))
+                    continue;
+
+            if (skipProvidedScope && Artifact.SCOPE_PROVIDED.equals(a.getScope()))
+                continue;
+
+            if (skipRuntimeScope && !Artifact.SCOPE_RUNTIME.equals(a.getScope()))
+                continue;
+
                 engine.scan(a.getFile().getAbsolutePath());
-            }
         }
         engine.analyzeDependencies();
         return engine;
@@ -710,6 +734,9 @@ public class DependencyCheckMojo extends AbstractMojo implements MavenMultiPageR
         if (zipExtensions != null && !zipExtensions.isEmpty()) {
             Settings.setString(Settings.KEYS.ADDITIONAL_ZIP_EXTENSIONS, zipExtensions);
         }
+        Settings.setBoolean(Settings.KEYS.SKIP_TEST_SCOPE, skipTestScope);
+        Settings.setBoolean(Settings.KEYS.SKIP_RUNTIME_SCOPE, skipRuntimeScope);
+        Settings.setBoolean(Settings.KEYS.SKIP_PROVIDED_SCOPE, skipProvidedScope);
     }
 
     /**

dependency-check-maven/src/site/markdown/configuration.md

@@ -15,11 +15,14 @@ proxyUrl             | The Proxy URL.                     |
 proxyPort            | The Proxy Port.                    |
 proxyUsername        | Defines the proxy user name.       |
 proxyPassword        | Defines the proxy password.        |
-nexusAnalyzerEnabled | The connection timeout used when downloading data files from the Internet. |
+nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. |
-nexusUrl             | The connection timeout used when downloading data files from the Internet. |
+nexusUrl             | Defines the Nexus URL. |
 databaseDriverName   | The name of the database driver. Example: org.h2.Driver. |
 databaseDriverPath   | The path to the database driver JAR file; only used if the driver is not in the class path. |
 connectionString     | The connection string used to connect to the database. |
 databaseUser         | The username used when connecting to the database. |
 databasePassword     | The password used when connecting to the database. |
 zipExtensions        | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |
+skipTestScope | Should be skip analysis for artifacts with Test Scope (default: true) |
+skipProvidedScope | Should be skip analysis for artifacts with Provided Scope (default: false) |
+skipRuntimeScope | Should be skip analysis for artifacts with Runtime Scope (default: false) |

dependency-check-maven/src/site/markdown/usage.md.vm

@@ -103,3 +103,36 @@ Create the dependency-check report within the site
     ...
 </project>
 ```
+Example 4:
+---------------------
+Create the DependencyCheck-report.html and skip artifacts no bundled in distribution (Provided and Runtime scope)
+
+```xml
+<project>
+    <build>
+        <plugins>
+            ...
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>${project.version}</version>
+                <configuration>
+                    <skipProvidedScope>true</skipProvidedScope>
+                    <skipRuntimeScope>true</skipRuntimeScope>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```
+