updated documentation for experimental analyzers

This commit is contained in:
Jeremy Long
2016-06-08 06:40:07 -04:00
parent 4e4417c7af
commit 8680ecd033
4 changed files with 45 additions and 44 deletions

View File

@@ -43,7 +43,7 @@ proxyPort | The Proxy Port.
proxyUsername | Defines the proxy user name. |   proxyUsername | Defines the proxy user name. |  
proxyPassword | Defines the proxy password. |   proxyPassword | Defines the proxy password. |  
connectionTimeout | The URL Connection Timeout. |   connectionTimeout | The URL Connection Timeout. |  
enableExperimental | Enable the experimental analyzers. | false enableExperimental | Enable the experimental analyzers. If not enabled the *experimental* analyzers (see below) will not be loaded or used. | false
Analyzer Configuration Analyzer Configuration
==================== ====================
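
Review bot: In the new enableExperimental description, "(see below)" does not say where to look. Name the target, for example "see the Analyzer Configuration table below", and add a comma after "If not enabled". The same sentence is added to a second file later in this commit, so both copies should be fixed together.
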
@@ -54,7 +54,7 @@ types that they support are detected - so specifically disabling them may not
be needed. be needed.
Property | Description | Default Value Property | Description | Default Value
------------------------------|---------------------------------------------------------------------------|------------------ ------------------------------|-----------------------------------------------------------------------------------|------------------
archiveAnalyzerEnabled | Sets whether the Archive Analyzer will be used. | true archiveAnalyzerEnabled | Sets whether the Archive Analyzer will be used. | true
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |   zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. |  
jarAnalyzer | Sets whether the Jar Analyzer will be used. | true jarAnalyzer | Sets whether the Jar Analyzer will be used. | true
@@ -62,16 +62,16 @@ centralAnalyzerEnabled | Sets whether the Central Analyzer will be used.
nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
nexusUrl | Defines the Nexus web service endpoint (example http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. |   nexusUrl | Defines the Nexus web service endpoint (example http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. |  
nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true
pyDistributionAnalyzerEnabled | Sets whether the Python Distribution Analyzer will be used. | true pyDistributionAnalyzerEnabled | Sets whether the *experimental* Python Distribution Analyzer will be used. | true
pyPackageAnalyzerEnabled | Sets whether the Python Package Analyzer will be used. | true pyPackageAnalyzerEnabled | Sets whether the *experimental* Python Package Analyzer will be used. | true
rubygemsAnalyzerEnabled | Sets whether the Ruby Gemspec Analyzer will be used. | true rubygemsAnalyzerEnabled | Sets whether the *experimental* Ruby Gemspec Analyzer will be used. | true
opensslAnalyzerEnabled | Sets whether or not the openssl Analyzer should be used. | true opensslAnalyzerEnabled | Sets whether the openssl Analyzer should be used. | true
cmakeAnalyzerEnabled | Sets whether or not the CMake Analyzer should be used. | true cmakeAnalyzerEnabled | Sets whether the *experimental* CMake Analyzer should be used. | true
autoconfAnalyzerEnabled | Sets whether or not the autoconf Analyzer should be used. | true autoconfAnalyzerEnabled | Sets whether the *experimental* autoconf Analyzer should be used. | true
composerAnalyzerEnabled | Sets whether or not the PHP Composer Lock File Analyzer should be used. | true composerAnalyzerEnabled | Sets whether the *experimental* PHP Composer Lock File Analyzer should be used. | true
nodeAnalyzerEnabled | Sets whether or not the Node.js Analyzer should be used. | true nodeAnalyzerEnabled | Sets whether the *experimental* Node.js Analyzer should be used. | true
nuspecAnalyzerEnabled | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | true nuspecAnalyzerEnabled | Sets whether the .NET Nuget Nuspec Analyzer will be used. | true
assemblyAnalyzerEnabled | Sets whether or not the .NET Assembly Analyzer should be used. | true assemblyAnalyzerEnabled | Sets whether the .NET Assembly Analyzer should be used. | true
pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. |   pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. |  
Advanced Configuration Advanced Configuration
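
Review bot: The rows now marked *experimental* (pyDistributionAnalyzerEnabled through nodeAnalyzerEnabled) still list "true" in the Default Value column, while enableExperimental defaults to "false", so the table reads as if these analyzers run out of the box. State the precedence once in the table introduction or per row, for example "true (only takes effect when enableExperimental is true)". The "whether or not" to "whether" rewording on the opensslAnalyzerEnabled, nuspecAnalyzerEnabled and assemblyAnalyzerEnabled rows is unrelated to the commit subject and would be easier to review as a separate change.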

View File

@@ -18,7 +18,7 @@ Short | Argument Name   | Parameter | Description | Requir
| \-\-advancedHelp | | Print the advanced help message. | Optional | \-\-advancedHelp | | Print the advanced help message. | Optional
\-v | \-\-version | | Print the version information. | Optional \-v | \-\-version | | Print the version information. | Optional
| \-\-cveValidForHours | \<hours\> | The number of hours to wait before checking for new updates from the NVD. The default is 4 hours. | Optional | \-\-cveValidForHours | \<hours\> | The number of hours to wait before checking for new updates from the NVD. The default is 4 hours. | Optional
| \-\-experimental | | Enable the experimental analyzers. | Optional | \-\-experimental | | Enable the experimental analyzers. If not set the analyzers marked as experimental below will not be loaded or used. | Optional
Advanced Options Advanced Options
================ ================
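
Review bot: The new \-\-experimental text says the experimental analyzers "will not be loaded or used" but stops short of the consequence for the report. A user scanning a project that only those analyzers cover needs to know that nothing from them will appear unless the flag is set; say so in the description, in the same spirit as the bold false-negative warning on the \-\-disableCentral row. "below" should also name the Advanced Options table.
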
@@ -30,18 +30,18 @@ Short | Argument&nbsp;Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | Paramete
| \-\-cveUrl20Base | \<url\> | Base URL for each year's CVE 2.0, the %d will be replaced with the year | https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz | \-\-cveUrl20Base | \<url\> | Base URL for each year's CVE 2.0, the %d will be replaced with the year | https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz
\-P | \-\-propertyfile | \<file\> | Specifies a file that contains properties to use instead of applicaion defaults. | &nbsp; \-P | \-\-propertyfile | \<file\> | Specifies a file that contains properties to use instead of applicaion defaults. | &nbsp;
| \-\-updateonly | | If set only the update phase of dependency-check will be executed; no scan will be executed and no report will be generated. | &nbsp; | \-\-updateonly | | If set only the update phase of dependency-check will be executed; no scan will be executed and no report will be generated. | &nbsp;
| \-\-disablePyDist | | Sets whether the Python Distribution Analyzer will be used. | false | \-\-disablePyDist | | Sets whether the *experimental* Python Distribution Analyzer will be used. | false
| \-\-disablePyPkg | | Sets whether the Python Package Analyzer will be used. | false | \-\-disablePyPkg | | Sets whether the *experimental* Python Package Analyzer will be used. | false
| \-\-disableNodeJS | | Sets whether the Node.js Package Analyzer will be used. | false | \-\-disableNodeJS | | Sets whether the *experimental* Node.js Package Analyzer will be used. | false
| \-\-disableRubygems | | Sets whether the Ruby Gemspec Analyzer will be used. | false | \-\-disableRubygems | | Sets whether the *experimental* Ruby Gemspec Analyzer will be used. | false
| \-\-disableBundleAudit | | Sets whether the Ruby Bundler Audit Analyzer will be used. | false | \-\-disableBundleAudit | | Sets whether the *experimental* Ruby Bundler Audit Analyzer will be used. | false
| \-\-disableAutoconf | | Sets whether the Autoconf Analyzer will be used. | false | \-\-disableAutoconf | | Sets whether the *experimental* Autoconf Analyzer will be used. | false
| \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false | \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. | false
| \-\-disableCmake | | Sets whether the Cmake Analyzer will be disabled. | false | \-\-disableCmake | | Sets whether the *experimental* Cmake Analyzer will be disabled. | false
| \-\-disableArchive | | Sets whether the Archive Analyzer will be disabled. | false | \-\-disableArchive | | Sets whether the Archive Analyzer will be disabled. | false
| \-\-zipExtensions | \<strings\> | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp; | \-\-zipExtensions | \<strings\> | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
| \-\-disableJar | | Sets whether the Jar Analyzer will be disabled. | false | \-\-disableJar | | Sets whether the Jar Analyzer will be disabled. | false
| \-\-disableComposer | | Sets whether the PHP Composer Lock File Analyzer will be disabled. | false | \-\-disableComposer | | Sets whether the *experimental* PHP Composer Lock File Analyzer will be disabled. | false
| \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer. | false | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer. | false
| \-\-disableNexus | | Sets whether the Nexus Analyzer will be used. Note, this has been superceded by the Central Analyzer. However, you can configure the Nexus URL to utilize an internally hosted Nexus Pro server. | false | \-\-disableNexus | | Sets whether the Nexus Analyzer will be used. Note, this has been superceded by the Central Analyzer. However, you can configure the Nexus URL to utilize an internally hosted Nexus Pro server. | false
| \-\-nexus | \<url\> | The url to the Nexus Server's web service end point (example: http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp; | \-\-nexus | \<url\> | The url to the Nexus Server's web service end point (example: http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp;
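
Review bot: On the touched rows \-\-disablePyDist, \-\-disablePyPkg, \-\-disableNodeJS, \-\-disableRubygems, \-\-disableBundleAudit and \-\-disableAutoconf the description still reads "Sets whether the ... Analyzer will be used" with a default of "false", which contradicts the flag name and suggests the analyzer is off by default. Since these lines are being edited anyway, switch them to the "will be disabled" wording already used on \-\-disableCmake and \-\-disableComposer. It would also help to state that these flags have no effect on experimental analyzers unless \-\-experimental is passed.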

View File

@@ -25,7 +25,7 @@ skipTestScope | Skip analysis for artifacts with Test Scope
skipProvidedScope | Skip analysis for artifacts with Provided Scope | false skipProvidedScope | Skip analysis for artifacts with Provided Scope | false
skipRuntimeScope | Skip analysis for artifacts with Runtime Scope | false skipRuntimeScope | Skip analysis for artifacts with Runtime Scope | false
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html) | &nbsp; suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html) | &nbsp;
enableExperimental | Enable the experimental analyzers | false enableExperimental | Enable the experimental analyzers. If not enabled the *experimental* analyzers (see below) will not be loaded or used. | false
Analyzer Configuration Analyzer Configuration
==================== ====================
@@ -44,16 +44,16 @@ centralAnalyzerEnabled | Sets whether Central Analyzer will be used. If t
nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true nexusAnalyzerEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
nexusUrl | Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp; nexusUrl | Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp;
nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true
pyDistributionAnalyzerEnabled | Sets whether the Python Distribution Analyzer will be used. | true pyDistributionAnalyzerEnabled | Sets whether the *experimental* Python Distribution Analyzer will be used. | true
pyPackageAnalyzerEnabled | Sets whether the Python Package Analyzer will be used. | true pyPackageAnalyzerEnabled | Sets whether the *experimental* Python Package Analyzer will be used. | true
rubygemsAnalyzerEnabled | Sets whether the Ruby Gemspec Analyzer will be used. | true rubygemsAnalyzerEnabled | Sets whether the *experimental* Ruby Gemspec Analyzer will be used. | true
opensslAnalyzerEnabled | Sets whether or not the openssl Analyzer should be used. | true opensslAnalyzerEnabled | Sets whether the openssl Analyzer should be used. | true
cmakeAnalyzerEnabled | Sets whether or not the CMake Analyzer should be used. | true cmakeAnalyzerEnabled | Sets whether the *experimental* CMake Analyzer should be used. | true
autoconfAnalyzerEnabled | Sets whether or not the autoconf Analyzer should be used. | true autoconfAnalyzerEnabled | Sets whether the *experimental* autoconf Analyzer should be used. | true
composerAnalyzerEnabled | Sets whether or not the PHP Composer Lock File Analyzer should be used. | true composerAnalyzerEnabled | Sets whether the *experimental* PHP Composer Lock File Analyzer should be used. | true
nodeAnalyzerEnabled | Sets whether or not the Node.js Analyzer should be used. | true nodeAnalyzerEnabled | Sets whether the *experimental* Node.js Analyzer should be used. | true
nuspecAnalyzerEnabled | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | true nuspecAnalyzerEnabled | Sets whether the .NET Nuget Nuspec Analyzer will be used. | true
assemblyAnalyzerEnabled | Sets whether or not the .NET Assembly Analyzer should be used. | true assemblyAnalyzerEnabled | Sets whether the .NET Assembly Analyzer should be used. | true
pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. | &nbsp; pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. | &nbsp;
Advanced Configuration Advanced Configuration

View File

@@ -87,6 +87,7 @@ analyzers is likely not needed.
Property | Description | Default Value Property | Description | Default Value
----------------------|---------------------------------------------------------------------------|------------------ ----------------------|---------------------------------------------------------------------------|------------------
experimentalEnabled | Sets whether the experimental analyzers will be used. If not set to true the analyzers marked as experimental (see below) will not be used | false
archiveEnabled | Sets whether the Archive Analyzer will be used. | true archiveEnabled | Sets whether the Archive Analyzer will be used. | true
zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp; zipExtensions | A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. | &nbsp;
jarEnabled | Sets whether Jar Analyzer will be used. | true jarEnabled | Sets whether Jar Analyzer will be used. | true
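
Review bot: The added experimentalEnabled row is missing the period at the end of its description and says "will not be used", while the other three files in this commit say "will not be loaded or used". Use one wording everywhere. Also, here the switch is the first row of the analyzer table, whereas the other files list it above the Analyzer Configuration heading; if that placement is intentional, a short sentence in the table introduction ("analyzers is likely not needed.") explaining that it gates the rows marked *experimental* would help.
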
@@ -94,14 +95,14 @@ centralEnabled | Sets whether Central Analyzer will be used. If this anal
nexusEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true nexusEnabled | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
nexusUrl | Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp; nexusUrl | Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp;
nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true nexusUsesProxy | Whether or not the defined proxy should be used when connecting to Nexus. | true
pyDistributionEnabled | Sets whether the Python Distribution Analyzer will be used. | true pyDistributionEnabled | Sets whether the *experimental* Python Distribution Analyzer will be used. | true
pyPackageEnabled | Sets whether the Python Package Analyzer will be used. | true pyPackageEnabled | Sets whether the *experimental* Python Package Analyzer will be used. | true
rubygemsEnabled | Sets whether the Ruby Gemspec Analyzer will be used. | true rubygemsEnabled | Sets whether the *experimental* Ruby Gemspec Analyzer will be used. | true
opensslEnabled | Sets whether or not the openssl Analyzer should be used. | true opensslEnabled | Sets whether or not the openssl Analyzer should be used. | true
cmakeEnabled | Sets whether or not the CMake Analyzer should be used. | true cmakeEnabled | Sets whether or not the *experimental* CMake Analyzer should be used. | true
autoconfEnabled | Sets whether or not the autoconf Analyzer should be used. | true autoconfEnabled | Sets whether or not the *experimental* autoconf Analyzer should be used. | true
composerEnabled | Sets whether or not the PHP Composer Lock File Analyzer should be used. | true composerEnabled | Sets whether or not the *experimental* PHP Composer Lock File Analyzer should be used. | true
nodeEnabled | Sets whether or not the Node.js Analyzer should be used. | true nodeEnabled | Sets whether or not the *experimental* Node.js Analyzer should be used. | true
nuspecEnabled | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | true nuspecEnabled | Sets whether or not the .NET Nuget Nuspec Analyzer will be used. | true
assemblyEnabled | Sets whether or not the .NET Assembly Analyzer should be used. | true assemblyEnabled | Sets whether or not the .NET Assembly Analyzer should be used. | true
pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. | &nbsp; pathToMono | The path to Mono for .NET assembly analysis on non-windows systems. | &nbsp;
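
Review bot: The cmakeEnabled, autoconfEnabled, composerEnabled and nodeEnabled rows keep "Sets whether or not the *experimental* ..." while the same rows in the other files of this commit were changed to "Sets whether the *experimental* ...". Pick one phrasing across all four documents. As in the other tables, the Default Value of "true" on the experimental rows should be qualified, since experimentalEnabled defaults to "false".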