mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-18 07:14:09 +01:00
updated documentation as part of resolution for issue #144
Former-commit-id: f47171e52e22e75c582bed47c9d0e9df3945e148
@@ -4,6 +4,7 @@ The following properties can be set on the dependency-check-maven plugin.
|
|||||||
|
|
||||||
Property | Description | Default Value
|
Property | Description | Default Value
|
||||||
---------------------|------------------------------------|------------------
|
---------------------|------------------------------------|------------------
|
||||||
|
aggregate | Sets whether report aggregation will be performed for multi-module site reports. This option only affects the report generation when configured within the reporting section. | false
|
||||||
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
|
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
|
||||||
outputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target'
|
outputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target'
|
||||||
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
|
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
|
||||||
|
|||||||
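Review bot: the new `aggregate` row says the option "only affects the report generation when configured within the reporting section", but it does not say what happens when it is set on the plugin under `<build>`, which is where the other examples on this page configure it. Suggest stating explicitly that the setting has no effect there and pointing the reader to the aggregated-report example, so a multi-module project does not end up with per-module reports while the POM appears to request an aggregate.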
@@ -17,7 +17,9 @@ Create the DependencyCheck-report.html in the target directory
|
|||||||
|
|
||||||
```xml
|
```xml
|
||||||
<project>
|
<project>
|
||||||
|
...
|
||||||
<build>
|
<build>
|
||||||
|
...
|
||||||
<plugins>
|
<plugins>
|
||||||
...
|
...
|
||||||
<plugin>
|
<plugin>
|
||||||
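Review bot: style point on the added `...` lines between `<project>`, `<build>` and `<plugins>`: inside an `xml` fence a bare `...` makes the snippet invalid XML when copied into a POM. Consider an XML comment such as `<!-- ... -->` for elided content, applied to the existing `...` lines as well so the examples stay consistent.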
@@ -41,11 +43,47 @@ Create the DependencyCheck-report.html in the target directory
|
|||||||
```
|
```
|
||||||
|
|
||||||
$H$H$H Example 2:
|
$H$H$H Example 2:
|
||||||
|
Create an aggregated dependency-check report within the site
|
||||||
|
|
||||||
|
```xml
|
||||||
|
<project>
|
||||||
|
...
|
||||||
|
<reporting>
|
||||||
|
...
|
||||||
|
<plugins>
|
||||||
|
...
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-site-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<reportPlugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.owasp</groupId>
|
||||||
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
|
<version>${project.version}</version>
|
||||||
|
<configuration>
|
||||||
|
<aggregate>true</aggregate>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</reportPlugins>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
...
|
||||||
|
</plugins>
|
||||||
|
...
|
||||||
|
</reporting>
|
||||||
|
...
|
||||||
|
</project>
|
||||||
|
```
|
||||||
|
|
||||||
|
$H$H$H Example 3:
|
||||||
Create the DependencyCheck-report.html and fail the build for CVSS greater then 8
|
Create the DependencyCheck-report.html and fail the build for CVSS greater then 8
|
||||||
|
|
||||||
```xml
|
```xml
|
||||||
<project>
|
<project>
|
||||||
|
...
|
||||||
<build>
|
<build>
|
||||||
|
...
|
||||||
<plugins>
|
<plugins>
|
||||||
...
|
...
|
||||||
<plugin>
|
<plugin>
|
||||||
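Review bot: in the new Example 2 the `maven-site-plugin` block with `<reportPlugins>` is nested under `<reporting>` / `<plugins>`, whereas the example it replaces (removed later in this patch) had the same block under `<build>` / `<plugins>`. `<reportPlugins>` is a configuration element of the site plugin itself, while `<reporting>` normally lists report plugins directly, so please confirm the example works as written; if the intent is "configured within the reporting section", as the new `aggregate` table row puts it, listing `dependency-check-maven` directly under `<reporting>` / `<plugins>` with `<aggregate>true</aggregate>` would match that wording. While renumbering the following example, the description "CVSS greater then 8" could also be corrected to "greater than 8".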
@@ -71,44 +109,14 @@ Create the DependencyCheck-report.html and fail the build for CVSS greater then
|
|||||||
</project>
|
</project>
|
||||||
```
|
```
|
||||||
|
|
||||||
$H$H$H Example 3:
|
|
||||||
Create the dependency-check report within the site
|
|
||||||
|
|
||||||
```xml
|
|
||||||
<project>
|
|
||||||
<build>
|
|
||||||
<plugins>
|
|
||||||
...
|
|
||||||
<plugin>
|
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
|
||||||
<artifactId>maven-site-plugin</artifactId>
|
|
||||||
<configuration>
|
|
||||||
<reportPlugins>
|
|
||||||
<plugin>
|
|
||||||
<groupId>org.owasp</groupId>
|
|
||||||
<artifactId>dependency-check-maven</artifactId>
|
|
||||||
<version>${project.version}</version>
|
|
||||||
<configuration>
|
|
||||||
<externalReport>false</externalReport>
|
|
||||||
</configuration>
|
|
||||||
</plugin>
|
|
||||||
</reportPlugins>
|
|
||||||
</configuration>
|
|
||||||
</plugin>
|
|
||||||
...
|
|
||||||
</plugins>
|
|
||||||
...
|
|
||||||
</build>
|
|
||||||
...
|
|
||||||
</project>
|
|
||||||
```
|
|
||||||
|
|
||||||
$H$H$H Example 4:
|
$H$H$H Example 4:
|
||||||
Create the DependencyCheck-report.html and skip artifacts no bundled in distribution (Provided and Runtime scope)
|
Create the DependencyCheck-report.html and skip artifacts not bundled in distribution (Provided and Runtime scope)
|
||||||
|
|
||||||
```xml
|
```xml
|
||||||
<project>
|
<project>
|
||||||
|
...
|
||||||
<build>
|
<build>
|
||||||
|
...
|
||||||
<plugins>
|
<plugins>
|
||||||
...
|
...
|
||||||
<plugin>
|
<plugin>
|
||||||
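Review bot: the removed site-report example was the only visible use of `<externalReport>false</externalReport>`, and nothing in this patch says what became of that option. If `externalReport` is no longer supported, its row should be dropped from the properties table and the replacement by `aggregate` mentioned in the commit message; if it is still supported, a short example or a table row should continue to document it so existing POMs that set it are not left without guidance.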
@@ -140,7 +148,9 @@ Create the DependencyCheck-report.html and use internal mirroring of CVE content
|
|||||||
|
|
||||||
```xml
|
```xml
|
||||||
<project>
|
<project>
|
||||||
|
...
|
||||||
<build>
|
<build>
|
||||||
|
...
|
||||||
<plugins>
|
<plugins>
|
||||||
...
|
...
|
||||||
<plugin>
|
<plugin>
|
||||||
|
|||||||