updated documentation as part of resolution for issue #144

Former-commit-id: f47171e52e22e75c582bed47c9d0e9df3945e148
Jeremy Long
2014-09-01 08:13:34 -04:00
parent eef565134b
commit 99d8a07f4a
2 changed files with 44 additions and 33 deletions

@@ -4,6 +4,7 @@ The following properties can be set on the dependency-check-maven plugin.
Property | Description | Default Value
---------------------|------------------------------------|------------------
aggregate | Sets whether report aggregation will be performed for multi-module site reports. This option only affects the report generation when configured within the reporting section. | false
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
outputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target'
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
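Review bot: the `aggregate` row says the option only affects report generation "when configured within the reporting section" but does not say what happens when it is set on the plugin under `<build>`. State explicitly that it has no effect there (if that is the behaviour) and point to the aggregated site example, so readers of a multi-module project do not assume a plain build run already covers every module. In the same table the `failBuildOnCVSS` description is hard to parse; wording such as "The default of 11 means the build never fails, since CVSS scores range from 0 to 10" would make it obvious that the check does not gate the build until the value is lowered.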


@@ -17,7 +17,9 @@ Create the DependencyCheck-report.html in the target directory
```xml
<project>
...
<build>
...
<plugins>
...
<plugin>
@@ -41,11 +43,47 @@ Create the DependencyCheck-report.html in the target directory
```
$H$H$H Example 2:
Create an aggregated dependency-check report within the site
```xml
<project>
...
<reporting>
...
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<configuration>
<reportPlugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${project.version}</version>
<configuration>
<aggregate>true</aggregate>
</configuration>
</plugin>
</reportPlugins>
</configuration>
</plugin>
...
</plugins>
...
</reporting>
...
</project>
```
$H$H$H Example 3:
Create the DependencyCheck-report.html and fail the build for CVSS greater then 8
```xml
<project>
...
<build>
...
<plugins>
...
<plugin>
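Review bot: Example 2 nests `maven-site-plugin` with `<reportPlugins>` inside `<reporting>`, whereas the site example removed further down in this commit had the same `maven-site-plugin` block under `<build>`. Please confirm that the new placement is the one the site plugin actually reads, since a block copied into the wrong section could leave the generated site without a dependency-check report and nobody would notice. The Example 2 text should also say that this configuration only produces a report and does not apply `failBuildOnCVSS`, if that is the case. Separately, the Example 3 description reads "greater then 8" and should be "greater than 8".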
@@ -71,44 +109,14 @@ Create the DependencyCheck-report.html and fail the build for CVSS greater then
</project>
```
$H$H$H Example 3:
Create the dependency-check report within the site
```xml
<project>
<build>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-site-plugin</artifactId>
<configuration>
<reportPlugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>${project.version}</version>
<configuration>
<externalReport>false</externalReport>
</configuration>
</plugin>
</reportPlugins>
</configuration>
</plugin>
...
</plugins>
...
</build>
...
</project>
```
$H$H$H Example 4:
Create the DependencyCheck-report.html and skip artifacts no bundled in distribution (Provided and Runtime scope)
Create the DependencyCheck-report.html and skip artifacts not bundled in distribution (Provided and Runtime scope)
```xml
<project>
...
<build>
...
<plugins>
...
<plugin>
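Review bot: removing the old site example drops the only visible use of `<externalReport>`, and the one remaining site example always sets `<aggregate>true</aggregate>`, so the page no longer shows how to get a plain, per-module site report. Either keep a short non-aggregated `<reporting>` example or say in the Example 2 text that leaving `<aggregate>` at its default of false gives the per-module report, and state whether `externalReport` is still a supported property so existing POMs that set it are not left guessing.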
@@ -140,7 +148,9 @@ Create the DependencyCheck-report.html and use internal mirroring of CVE content
```xml
<project>
...
<build>
...
<plugins>
...
<plugin>