diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
index 4983cfcbf..61a63be0a 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/DependencyCheckTask.java
@@ -323,7 +323,6 @@ public class DependencyCheckTask extends Task {
 public void setProxyPort(String proxyPort) {
 this.proxyPort = proxyPort;
 }
-
 /**
 * The Proxy username.
 */
@@ -346,7 +345,6 @@ public class DependencyCheckTask extends Task {
 public void setProxyUsername(String proxyUsername) {
 this.proxyUsername = proxyUsername;
 }
-
 /**
 * The Proxy password.
 */
@@ -369,7 +367,6 @@ public class DependencyCheckTask extends Task {
 public void setProxyPassword(String proxyPassword) {
 this.proxyPassword = proxyPassword;
 }
-
 /**
 * The Connection Timeout.
 */
@@ -414,6 +411,28 @@ public class DependencyCheckTask extends Task {
 public void setLogFile(String logFile) {
 this.logFile = logFile;
 }
+ /**
+ * The path to the suppression file.
+ */
+ private String suppressionFile;
+
+ /**
+ * Get the value of suppressionFile.
+ *
+ * @return the value of suppressionFile
+ */
+ public String getSuppressionFile() {
+ return suppressionFile;
+ }
+
+ /**
+ * Set the value of suppressionFile.
+ *
+ * @param suppressionFile new value of suppressionFile
+ */
+ public void setSuppressionFile(String suppressionFile) {
+ this.suppressionFile = suppressionFile;
+ }
 @Override
 public void execute() throws BuildException {
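Review bot: The Javadoc added for `suppressionFile` and its accessors in the `@@ -414,6 +411,28 @@` hunk only restates the identifier, so a reader of the task cannot tell that this attribute decides which findings are hidden from the report. I would change the field comment to `* The path to the suppression XML file; findings it matches are omitted from the report.` and have the setter's `@param` say how a relative path is resolved. The setter takes a plain `String`, as `setLogFile` above it does, so Ant will not resolve the value against the project basedir the way it does for a `File` attribute; that deserves a sentence in the Javadoc as well.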
@@ -515,6 +534,9 @@ public class DependencyCheckTask extends Task {
 if (connectionTimeout != null && !connectionTimeout.isEmpty()) {
 Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout);
 }
+ if (suppressionFile != null && !suppressionFile.isEmpty()) {
+ Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile);
+ }
 }
 /**
diff --git a/dependency-check-ant/src/site/markdown/configuration.md b/dependency-check-ant/src/site/markdown/configuration.md
index f26791aa5..018c919d7 100644
--- a/dependency-check-ant/src/site/markdown/configuration.md
+++ b/dependency-check-ant/src/site/markdown/configuration.md
@@ -29,6 +29,7 @@ FailBuildOn | If set and a CVE is found that is greater then the speci
 AutoUpdate | If set to false the NVD CVE data is not automatically updated. Setting this to false could result in false negatives. However, this may be required in some environments. The default value is true. | Optional
 DataDirectory | The directory where dependency-check will store data used for analysis. Defaults to a folder called, called 'dependency-check-data', that is in the same directory as the dependency-check-ant jar file was installed in. *It is not recommended to change this.* | Optional
 LogFile | The file path to write verbose logging information. | Optional
+SuppressionFile | An XML file conforming to the suppression schema that suppresses findings; this is used to hide false positives. | Optional
 ProxyUrl | Defines the proxy used to connect to the Internet. | Optional
 ProxyPort | Defines the port for the proxy. | Optional
 ProxyUsername | Defines the proxy user name. | Optional
diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
index 9deca7db7..dab96be4b 100644
--- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
+++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/App.java
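Review bot: The suppression path is stored in `Settings.KEYS.SUPPRESSION_FILE` after only a null/empty test in DependencyCheckTask.java (`@@ -515,6 +534,9 @@`), so a mistyped or unreadable path is not rejected when the task is configured. Because this file decides which vulnerability findings are dropped from the report, the build should stop with a clear message rather than run with a suppression set nobody intended; how the analyzer treats a bad path is not visible in this diff. A guard before the `setString` call would cover it, e.g. `if (!new java.io.File(suppressionFile).isFile()) { throw new BuildException("Suppression file not found: " + suppressionFile); }`. The same unchecked assignment is added at the end of `updateSettings` in App.java (`@@ -194,5 +198,8 @@`), where an equivalent check with that class's own error reporting applies. The enclosing method in the Ant task begins outside the hunk.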
@@ -99,7 +99,7 @@ public class App { } else if (cli.isRunScan()) { updateSettings(cli.isAutoUpdate(), cli.getConnectionTimeout(), cli.getProxyUrl(), cli.getProxyPort(), cli.getProxyUsername(), cli.getProxyPassword(), - cli.getDataDirectory(), cli.getPropertiesFile()); + cli.getDataDirectory(), cli.getPropertiesFile(), cli.getSuppressionFile()); runScan(cli.getReportDirectory(), cli.getReportFormat(), cli.getApplicationName(), cli.getScanFiles()); } else { cli.printHelp(); @@ -147,11 +147,15 @@ public class App { * @param proxyUrl the proxy url (null or blank means no proxy will be used) * @param proxyPort the proxy port (null or blank means no port will be * used) + * @param proxyUser the proxy user name + * @param proxyPass the password for the proxy * @param dataDirectory the directory to store/retrieve persistent data from * @param propertiesFile the properties file to utilize + * @param suppressionFile the path to the suppression file */ private void updateSettings(boolean autoUpdate, String connectionTimeout, String proxyUrl, String proxyPort, - String proxyUser, String proxyPass, String dataDirectory, File propertiesFile) { + String proxyUser, String proxyPass, String dataDirectory, File propertiesFile, + String suppressionFile) { if (propertiesFile != null) { try { @@ -194,5 +198,8 @@ public class App { if (connectionTimeout != null && !connectionTimeout.isEmpty()) { Settings.setString(Settings.KEYS.CONNECTION_TIMEOUT, connectionTimeout); } + if (suppressionFile != null && !suppressionFile.isEmpty()) { + Settings.setString(Settings.KEYS.SUPPRESSION_FILE, suppressionFile); + } } } diff --git a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java index 3fccf1826..27b126af1 100644 --- a/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java +++ b/dependency-check-cli/src/main/java/org/owasp/dependencycheck/cli/CliParser.java 
@@ -207,6 +207,11 @@ public final class CliParser {
 .withDescription("The file path to write verbose logging information.")
 .create(ArgumentName.VERBOSE_LOG_SHORT);
+ final Option suppressionFile = OptionBuilder.withArgName("file").hasArg().withLongOpt(ArgumentName.SUPPRESION_FILE)
+ .withDescription("The file path to the suppression XML file.")
+ .create(ArgumentName.SUPPRESION_FILE_SHORT);
+
+
 final OptionGroup og = new OptionGroup();
 og.addOption(path);
@@ -221,6 +226,7 @@ public final class CliParser {
 opts.addOption(props);
 opts.addOption(data);
 opts.addOption(verboseLog);
+ opts.addOption(suppressionFile);
 opts.addOption(proxyPort);
 opts.addOption(proxyUrl);
 opts.addOption(proxyUsername);
@@ -389,6 +395,15 @@ public final class CliParser {
 return line.getOptionValue(ArgumentName.VERBOSE_LOG);
 }
+ /**
+ * Returns the path to the suppression file.
+ *
+ * @return the path to the suppression file
+ */
+ public String getSuppressionFile() {
+ return line.getOptionValue(ArgumentName.SUPPRESION_FILE);
+ }
+
 /**
 *

Prints the manifest information to standard output.

*
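Review bot: `getSuppressionFile()` reads `ArgumentName.SUPPRESION_FILE`, which is misspelled (one S short of the `SUPPRESSION_FILE` key used in `Settings.KEYS`); the same constant and `SUPPRESION_FILE_SHORT` are used where the option is built in the `@@ -207,6 +207,11 @@` hunk. Their definitions are not in the visible hunks, so it is worth checking whether the user-facing option string carries the typo too, because renaming a published flag later breaks existing invocations. I would rename them to `SUPPRESSION_FILE` and `SUPPRESSION_FILE_SHORT` now, and extend the getter's `@return` to `the path to the suppression file, or null if the option was not supplied`.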