github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-25 10:32:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

updated documentation

Browse Source
This commit is contained in:
Jeremy Long
2015-11-28 08:14:00 -05:00
parent e05cef6886
commit 5c8b374352
4 changed files with 81 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
src/site/markdown/dependency-check-gradle/configuration-update.md
View File

@@ -1,11 +1,11 @@
Tasks
====================
Task | Description
------------------------------------------|-----------------------
[dependencyCheck](configuration.html) | Runs dependency-check against the project and generates a report.
dependencyCheckUpdate | Updates the local cache of the NVD data from NIST.
[dependencyCheckPurge](config-purge.html) | Deletes the local copy of the NVD. This is used to force a refresh of the data.
Task | Description
-------------------------------------------------|-----------------------
[dependencyCheck](configuration.html) | Runs dependency-check against the project and generates a report.
dependencyCheckUpdate | Updates the local cache of the NVD data from NIST.
[dependencyCheckPurge](configuration-purge.html) | Deletes the local copy of the NVD. This is used to force a refresh of the data.
Configuration: dependencyCheckUpdate
====================
@@ -13,24 +13,16 @@ The following properties can be configured for the dependencyCheckUpdate task:
Property | Description | Default Value
---------------------|------------------------------------|------------------
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
cveValidForHours | Sets the number of hours to wait before checking for new updates from the NVD. | 4
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. | 11
format | The report format to be generated (HTML, XML, VULN, ALL). | HTML
reportsDirName | The location to write the report(s). This directory will be located in the build directory. | reports
skipTestGroups | When set to true (the default) all dependency groups that being with 'test' will be skipped. | true
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html) |  
$H$H$H$H Example
#### Example
```groovy
dependencyCheck {
autoUpdate=false
dependencyCheckUpdate {
cveValidForHours=1
format=ALL
}
```
$H$H$H Proxy Configuration
### Proxy Configuration
Property | Description | Default Value
------------------|------------------------------------|------------------
@@ -40,9 +32,9 @@ username | Defines the proxy user name. |  
password | Defines the proxy password. |  
connectionTimeout | The URL Connection Timeout. |  
$H$H$H$H Example
#### Example
```groovy
dependencyCheck {
dependencyCheckUpdate {
proxy {
server=some.proxy.server
port=8989
@@ -50,7 +42,7 @@ dependencyCheck {
}
```
$H$H$H Advanced Configuration
### Advanced Configuration
The following properties can be configured in the dependencyCheck task. However, they are less frequently changed. One exception
may be the cvedUrl properties, which can be used to host a mirror of the NVD within an enterprise environment.
@@ -69,48 +61,11 @@ data | connectionString | The connection string used to connect to the
data | username | The username used when connecting to the database. |  
data | password | The password used when connecting to the database. |  
$H$H$H$H Example
#### Example
```groovy
dependencyCheck {
dependencyCheckUpdate {
data {
directory='d:/nvd'
}
}
```
$H$H$H Analyzer Configuration
In addition to the above, the dependencyCheck plugin can be configured to enable or disable specific
analyzers by configuring the `analyzer` section. Note, specific file type analyzers will automatically
disable themselves if no file types that they support are detected - so specifically disabling the
analyzers is likely not needed.
Property | Description | Default Value
----------------------|---------------------------------------------------------------------------|------------------
archiveEnabled | Sets whether the Archive Analyzer will be used. | true
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |  
jarEnabled | Sets whether Jar Analyzer will be used. | true
centralEnabled | Sets whether Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below). | true
nexusEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
nexusUrl | Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled. |  
nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true
pyDistributionEnabled | Sets whether the Python Distribution Analyzer will be used. | true
pyPackageEnabled | Sets whether the Python Package Analyzer will be used. | true
rubygemsEnabled | Sets whether the Ruby Gemspec Analyzer will be used. | true
opensslEnabled | Sets whether or not the openssl Analyzer should be used. | true
cmakeEnabled | Sets whether or not the CMake Analyzer should be used. | true
autoconfEnabled | Sets whether or not the autoconf Analyzer should be used. | true
composerEnabled | Sets whether or not the PHP Composer Lock File Analyzer should be used. | true
nodeEnabled | Sets whether or not the Node.js Analyzer should be used. | true
nuspecEnabled | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | true
assemblyEnabled | Sets whether or not the .NET Assembly Analyzer should be used. | true
pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. |  
$H$H$H$H Example
```groovy
dependencyCheck {
analyzer {
assemblyEnabled=false
}
}
```