diff --git a/dependency-check-maven/src/it/729-system-scope/invoker.properties b/dependency-check-maven/src/it/729-system-scope/invoker.properties
new file mode 100644
index 000000000..b41bc60f9
--- /dev/null
+++ b/dependency-check-maven/src/it/729-system-scope/invoker.properties
@@ -0,0 +1,19 @@
+#
+# This file is part of dependency-check-maven.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+#
+
+invoker.goals = install ${project.groupId}:${project.artifactId}:${project.version}:check -DskipSystemScope=true -Dformat=JSON
diff --git a/dependency-check-maven/src/it/729-system-scope/pom.xml b/dependency-check-maven/src/it/729-system-scope/pom.xml
new file mode 100644
index 000000000..6f2d06950
--- /dev/null
+++ b/dependency-check-maven/src/it/729-system-scope/pom.xml
@@ -0,0 +1,34 @@
+
+
+
+ 4.0.0
+ org.owasp.test
+ test-system-scope
+ 1.0.0-SNAPSHOT
+ jar
+
+
+ system
+ com.sun
+ tools
+ 1.8
+ ${java.home}/../lib/tools.jar
+
+
+
\ No newline at end of file
diff --git a/dependency-check-maven/src/it/729-system-scope/postbuild.groovy b/dependency-check-maven/src/it/729-system-scope/postbuild.groovy
new file mode 100644
index 000000000..335aaa589
--- /dev/null
+++ b/dependency-check-maven/src/it/729-system-scope/postbuild.groovy
@@ -0,0 +1,30 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
+ */
+
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import java.nio.charset.Charset;
+import groovy.json.JsonSlurper;
+
+def slurper = new JsonSlurper()
+def json = slurper.parse(new File(basedir, "target/dependency-check-report.json"), "UTF-8")
+
+assert json instanceof Map
+assert json.analysis.dependencies instanceof List
+assert json.analysis.dependencies.size()==0
+return true;
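Review bot: The check `json.analysis.dependencies.size()==0` passes for any empty report, so on its own it cannot tell a skipped system-scope dependency from one that was never collected. The script should state why an empty list is expected, for example `// tools.jar (system scope) is the only declared dependency; with -DskipSystemScope=true the report must list nothing`. A companion run without the flag, asserting that the same jar does appear, would confirm the flag is what removed it. The imports of `FileUtils`, `StringUtils` and `Charset` are unused in this script and can be dropped.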
diff --git a/dependency-check-maven/src/it/729-system-scope/prebuild.groovy b/dependency-check-maven/src/it/729-system-scope/prebuild.groovy
new file mode 100644
index 000000000..9eff4bb5c
--- /dev/null
+++ b/dependency-check-maven/src/it/729-system-scope/prebuild.groovy
@@ -0,0 +1,17 @@
+/*
+ * This file is part of dependency-check-maven.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
+ */
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index 1a923a698..741e832a3 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -403,6 +403,13 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@SuppressWarnings("CanBeFinal")
@Parameter(property = "skipProvidedScope", defaultValue = "false", required = false)
private boolean skipProvidedScope = false;
+
+ /**
+ * Skip Analysis for Provided Scope Dependencies.
+ */
+ @SuppressWarnings("CanBeFinal")
+ @Parameter(property = "skipSystemScope", defaultValue = "false", required = false)
+ private boolean skipSystemScope = false;
/**
* The data directory, hold DC SQL DB.
*/
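Review bot: The Javadoc on the new `skipSystemScope` field still says "Skip Analysis for Provided Scope Dependencies", copied from the field above; it should read `Skip Analysis for System Scope Dependencies.` System-scope artifacts are jars referenced by a local `systemPath` rather than resolved from a repository. The comment should therefore also state the effect on coverage, e.g. `When true, system-scope artifacts are not analyzed and do not appear in the report.` A blank line between the new field and the following `/**` would match the spacing used above it.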
@@ -631,10 +638,10 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
List nodes, ProjectBuildingRequest buildingRequest) {
ExceptionCollection exCol = null;
for (DependencyNode dependencyNode : nodes) {
- exCol = collectDependencies(engine, project, dependencyNode.getChildren(), buildingRequest);
if (excludeFromScan(dependencyNode.getArtifact().getScope())) {
continue;
}
+ exCol = collectDependencies(engine, project, dependencyNode.getChildren(), buildingRequest);
try {
final ArtifactCoordinate coordinate = TransferUtils.toArtifactCoordinate(dependencyNode.getArtifact());
final Artifact result = artifactResolver.resolveArtifact(buildingRequest, coordinate).getArtifact();
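Review bot: The moved line `exCol = collectDependencies(...)` still assigns over `exCol` on every iteration, so whatever an earlier node's subtree reported is replaced by the result for the current node's children. If that result is null or smaller, resolution failures recorded earlier would be lost, and for a scanner an unreported failure means a dependency that was silently not analyzed. Consider holding the recursive result in a local, `final ExceptionCollection childEx = collectDependencies(engine, project, dependencyNode.getChildren(), buildingRequest);`, and folding it into `exCol` only when it is non-null. The loop body continues outside this hunk, so the handling of `exCol` further down may already cover part of this. The new ordering also means children of an excluded node are no longer visited, which deserves a one-line comment above the `continue`.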
@@ -963,6 +970,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
if (skipProvidedScope && org.apache.maven.artifact.Artifact.SCOPE_PROVIDED.equals(scope)) {
return true;
}
+ if (skipSystemScope && org.apache.maven.artifact.Artifact.SCOPE_SYSTEM.equals(scope)) {
+ return true;
+ }
return skipRuntimeScope && !org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope);
}
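Review bot: The final return, `return skipRuntimeScope && !org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope);`, excludes every scope except runtime when `skipRuntimeScope` is set, which is the opposite of the documented "Skip analysis for artifacts with Runtime Scope". With that flag on, compile-scope artifacts would be dropped from the scan and the new system-scope branch above it would make no difference. If the documented meaning is the intended one, the line should be `return skipRuntimeScope && org.apache.maven.artifact.Artifact.SCOPE_RUNTIME.equals(scope);`. The method begins outside this hunk, so the earlier branches are not visible here. Logging each excluded artifact at debug level would also make a reduced scan traceable in the build output.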
diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md
index c43075f2e..9f1518976 100644
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
@@ -23,9 +23,10 @@ format | The report format to be generated (HTML, XML, VULN
name | The name of the report in the site. | dependency-check or dependency-check:aggregate
outputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build. | 'target'
skip | Skips the dependency-check analysis. | false
-skipTestScope | Skip analysis for artifacts with Test Scope. | true
skipProvidedScope | Skip analysis for artifacts with Provided Scope. | false
skipRuntimeScope | Skip analysis for artifacts with Runtime Scope. | false
+skipSystemScope | Skip analysis for artifacts with System Scope. | false
+skipTestScope | Skip analysis for artifacts with Test Scope. | true
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). |
hintsFile | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html). |
enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false