Ruby Bundler: Added informative message about updating DB. Switched most log messages to debug level.

dependency-check-cli/src/site/markdown/arguments.md

@@ -32,6 +32,7 @@ Short  | Argument Name        | Paramete
        | \-\-disablePyPkg      |                 | Sets whether the Python Package Analyzer will be used.                           | false
        | \-\-disableNodeJS     |                 | Sets whehter the Node.js Package Analyzer will be used.                          | false
        | \-\-disableRubygems   |                 | Sets whether the Ruby Gemspec Analyzer will be used.                             | false
+       | \-\-disableBundlerAudit |               | Sets whether the Ruby Bundler Audit Analyzer will be used.                             | false
        | \-\-disableAutoconf   |                 | Sets whether the Autoconf Analyzer will be used.                                 | false
        | \-\-disableOpenSSL    |                 | Sets whether the OpenSSL Analyzer will be used.                                  | false
        | \-\-disableCmake      |                 | Sets whether the Cmake Analyzer will be used.                                    | false
@@ -45,6 +46,7 @@ Short  | Argument Name        | Paramete
        | \-\-disableNuspec     |                 | Sets whether or not the .NET Nuget Nuspec Analyzer will be used.                 | false
        | \-\-disableAssembly   |                 | Sets whether or not the .NET Assembly Analyzer should be used.                   | false
        | \-\-mono              | \<path\>        | The path to Mono for .NET Assembly analysis on non-windows systems.              | &nbsp;
+       | \-\-bundleAudit       |                 | The path to the bundle-audit executable. | &nbsp;
        | \-\-proxyserver       | \<server\>      | The proxy server to use when downloading resources.                              | &nbsp;
        | \-\-proxyport         | \<port\>        | The proxy port to use when downloading resources.                                | &nbsp;
        | \-\-connectiontimeout | \<timeout\>     | The connection timeout (in milliseconds) to use when downloading resources.      | &nbsp;

dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/RubyBundleAuditAnalyzer.java

@@ -129,6 +129,10 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
             LOGGER.debug("Exception while trying to launch bundle-audit.", ae);
             setEnabled(false);
         }
+        if (isEnabled()) {
+            LOGGER.info(ANALYZER_NAME + " is enabled. It is necessary to manually run \"bundle-audit update\" " +
+                    "occasionally to keep its database up to date.");
+        }
     }
 
     /**
@@ -208,7 +212,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
                     map.put(gem, createDependencyForGem(engine, parentName, fileName, gem));
                 }
                 dependency = map.get(gem);
-                LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
+                LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
             } else if (nextLine.startsWith(VERSION)) {
                 vulnerability = createVulnerability(parentName, dependency, vulnerability, gem, nextLine);
             } else if (nextLine.startsWith(ADVISORY)) {
@@ -238,7 +242,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
         if (null != dependency) {
             dependency.getVulnerabilities().add(vulnerability); // needed to wait for vulnerability name to avoid NPE
         }
-        LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
+        LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
     }
 
     private void addReferenceToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) {
@@ -250,7 +254,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
             ref.setUrl(url);
             vulnerability.getReferences().add(ref);
         }
-        LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
+        LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
     }
 
     private void addCriticalityToVulnerability(String parentName, Vulnerability vulnerability, String nextLine) {
@@ -266,7 +270,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
                 vulnerability.setCvssScore(-1.0f);
             }
         }
-        LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
+        LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
     }
 
     private Vulnerability createVulnerability(String parentName, Dependency dependency, Vulnerability vulnerability, String gem, String nextLine) {
@@ -288,7 +292,7 @@ public class RubyBundleAuditAnalyzer extends AbstractFileTypeAnalyzer {
             vulnerability.setCvssConfidentialityImpact("-");
             vulnerability.setCvssIntegrityImpact("-");
         }
-        LOGGER.info(String.format("bundle-audit (%s): %s", parentName, nextLine));
+        LOGGER.debug(String.format("bundle-audit (%s): %s", parentName, nextLine));
         return vulnerability;
     }