github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-17 23:04:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

version 1.1.4 of the projects documentation

Browse Source
This commit is contained in:
Jeremy Long
2014-03-29 10:02:40 -04:00
parent a64a31923a
commit 99d2502581
975 changed files with 36859 additions and 28147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

503
dependency-check-ant/configuration.html
View File

@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2014-03-10
| Generated by Apache Maven Doxia at 2014-03-29
| Rendered using Apache Maven Fluido Skin 1.3.1
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20140310" />
<meta name="Date-Revision-yyyymmdd" content="20140329" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check-ant - Configuration</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
@@ -54,7 +54,7 @@
<li class="">
<a href="../../../../../../../../../../../../c:/Users/jeremy/Documents/NetBeansProjects/DependencyCheck/target/site/1.1.3/#" title="">
<a href="../../../../../../../../../../../../c:/Users/jeremy/Documents/NetBeansProjects/DependencyCheck/target/site/1.1.4/#" title="">
</a>
<span class="divider">/</span>
</li>
@@ -67,9 +67,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-03-10</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-03-29</li>
<li id="projectVersion" class="pull-right">
Version: 1.1.3
Version: 1.1.4
</li>
</ul>
@@ -174,7 +174,8 @@
&lt;/dependency-check&gt;
&lt;/target&gt;
</pre></div>
<p>The following table lists the configurable properties:</p>
<h1>Configuration</h1>
<p>The following properties can be set on the dependency-check-maven plugin.</p>
<table border="0" class="table table-striped">
<thead>
@@ -185,7 +186,131 @@
<th>Description </th>
<th>Requirement </th>
<th>Default Value</th>
</tr>
</thead>
<tbody>
<tr class="b">
<td>autoUpdate </td>
<td>Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. </td>
<td>true</td>
</tr>
<tr class="a">
<td>externalReport </td>
<td>When using as a Site plugin this parameter sets whether or not the external report format should be used. </td>
<td>false</td>
</tr>
<tr class="b">
<td>outputDirectory </td>
<td>The location to write the report(s). Note, this is not used if generating the report as part of a <tt>mvn site</tt> build </td>
<td>&#x2018;target&#x2019;</td>
</tr>
<tr class="a">
<td>failBuildOnCVSS </td>
<td>Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. </td>
<td>11</td>
</tr>
<tr class="b">
<td>format </td>
<td>The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. </td>
<td>HTML</td>
</tr>
<tr class="a">
<td>logFile </td>
<td>The file path to write verbose logging information. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>suppressionFile </td>
<td>The file path to the XML suppression file - used to suppress <a href="../suppression.html">false positives</a> </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>proxyUrl </td>
<td>The Proxy URL. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>proxyPort </td>
<td>The Proxy Port. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>proxyUsername </td>
<td>Defines the proxy user name. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>proxyPassword </td>
<td>Defines the proxy password. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>connectionTimeout </td>
<td>The URL Connection Timeout. </td>
<td>&#160;</td>
</tr>
</tbody>
</table>
<h1>Analyzer Configuration</h1>
<p>The following properties are used to configure the various file type analyzers. These properties can be used to turn off specific analyzers if it is not needed. Note, that specific analyzers will automatically disable themselves if no file types that they support are detected - so specifically disabling them may not be needed.</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Property </th>
<th>Description </th>
<th>Default Value</th>
</tr>
@@ -194,245 +319,102 @@
<tr class="b">
<td>applicationName </td>
<td>archiveAnalyzerEnabled </td>
<td>The name of the application to use in the generated report. </td>
<td>Required </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>reportFormat </td>
<td>The format of the report to be generated. Allowed values are: HTML, XML, VULN, or ALL. The default value is HTML.</td>
<td>Optional </td>
<td>HTML</td>
</tr>
<tr class="b">
<td>reportOutputDirectory </td>
<td>The directory where dependency-check will store data used for analysis. Defaults to the current working directory. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>failBuildOn </td>
<td>If set and a CVE is found that is greater then the specified value the build will fail. The default value is 11 which means that the build will not fail. Valid values are 0-11. </td>
<td>Optional </td>
<td>11</td>
</tr>
<tr class="b">
<td>autoUpdate </td>
<td>If set to false the NVD CVE data is not automatically updated. Setting this to false could result in false negatives. However, this may be required in some environments. </td>
<td>Optional </td>
<td>Sets whether the Archive Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>dataDirectory </td>
<td>The directory where dependency-check will store data used for analysis. Defaults to a folder called, called &#x2018;dependency-check-data&#x2019;, that is in the same directory as the dependency-check-ant jar file was installed in. <i>It is not recommended to change this.</i> </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>logFile </td>
<td>The file path to write verbose logging information. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>suppressionFile </td>
<td>An XML file conforming to the suppression schema that suppresses findings; this is used to hide <a href="../suppression.html">false positives</a>. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>proxyUrl </td>
<td>Defines the proxy used to connect to the Internet. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>proxyPort </td>
<td>Defines the port for the proxy. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>proxyUsername </td>
<td>Defines the proxy user name. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>proxyPassword </td>
<td>Defines the proxy password. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>connectionTimeout </td>
<td>The connection timeout used when downloading data files from the Internet. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>nexusAnalyzerEnabled </td>
<td>The connection timeout used when downloading data files from the Internet. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>nexusUrl </td>
<td>The connection timeout used when downloading data files from the Internet. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>nexusUsesProxy </td>
<td>Whether or not the defined proxy should be used when connecting to Nexus. </td>
<td>Optional </td>
<td>true</td>
</tr>
<tr class="b">
<td>databaseDriverName </td>
<td>The name of the database driver. Example: org.h2.Driver. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>databaseDriverPath </td>
<td>The path to the database driver JAR file; only used if the driver is not in the class path. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>connectionString </td>
<td>The connection string used to connect to the database. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>databaseUser </td>
<td>The username used when connecting to the database. </td>
<td>Optional </td>
<td>dcuser</td>
</tr>
<tr class="b">
<td>databasePassword </td>
<td>The password used when connecting to the database. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>zipExtensions </td>
<td>A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>jarAnalyzer </td>
<td>Sets whether Jar Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>nexusAnalyzerEnabled </td>
<td>Sets whether Nexus Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>nexusUrl </td>
<td>Defines the Nexus URL. </td>
<td><a class="externalLink" href="https://repository.sonatype.org/service/local/">https://repository.sonatype.org/service/local/</a></td>
</tr>
<tr class="a">
<td>nexusUsesProxy </td>
<td>Whether or not the defined proxy should be used when connecting to Nexus. </td>
<td>true</td>
</tr>
<tr class="b">
<td>nuspecAnalyzerEnabled </td>
<td>Sets whether or not the .NET Nuget Nuspec Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>assemblyAnalyzerEnabled </td>
<td>Sets whether or not the .NET Assembly Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>pathToMono </td>
<td>The path to Mono for .NET assembly analysis on non-windows systems </td>
<td>&#160;</td>
</tr>
</tbody>
</table>
<h1>Advanced Configuration</h1>
<p>The following properties can be configured in the plugin. However, they are less frequently changed. One exception may be the cvedUrl properties, which can be used to host a mirror of the NVD within an enterprise environment.</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Property </th>
<th>Description </th>
<th>Default Value</th>
</tr>
</thead>
<tbody>
<tr class="b">
@@ -440,8 +422,6 @@
<td>URL for the modified CVE 1.2 </td>
<td>Optional </td>
<td><a class="externalLink" href="http://nvd.nist.gov/download/nvdcve-modified.xml">http://nvd.nist.gov/download/nvdcve-modified.xml</a></td>
</tr>
@@ -451,8 +431,6 @@
<td>URL for the modified CVE 2.0 </td>
<td>Optional </td>
<td><a class="externalLink" href="http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml">http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml</a></td>
</tr>
@@ -462,8 +440,6 @@
<td>Base URL for each year&#x2019;s CVE 1.2, the %d will be replaced with the year </td>
<td>Optional </td>
<td><a class="externalLink" href="http://nvd.nist.gov/download/nvdcve-%d.xml">http://nvd.nist.gov/download/nvdcve-%d.xml</a></td>
</tr>
@@ -473,18 +449,59 @@
<td>Base URL for each year&#x2019;s CVE 2.0, the %d will be replaced with the year </td>
<td>Optional </td>
<td><a class="externalLink" href="http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml">http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml</a></td>
</tr>
<tr class="b">
<td>pathToMono </td>
<td>dataDirectory </td>
<td>The path to Mono for .NET assembly analysis on non-windows systems </td>
<td>Data directory to hold SQL CVEs contents. This should generally not be changed. </td>
<td>Optional </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>databaseDriverName </td>
<td>The name of the database driver. Example: org.h2.Driver. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>databaseDriverPath </td>
<td>The path to the database driver JAR file; only used if the driver is not in the class path. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>connectionString </td>
<td>The connection string used to connect to the database. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>databaseUser </td>
<td>The username used when connecting to the database. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>databasePassword </td>
<td>The password used when connecting to the database. </td>
<td>&#160;</td>
</tr>