github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-05-04 14:14:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

version 1.2.9 of documentation

Browse Source
This commit is contained in:
Jeremy Long
2015-03-06 19:43:56 -05:00
parent 641235ed9a
commit bca392355f
1416 changed files with 49885 additions and 32066 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
nexus-analyzer.html
View File

@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2014-12-07
| Generated by Apache Maven Doxia at 2015-03-06
| Rendered using Apache Maven Fluido Skin 1.3.1
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20141207" />
<meta name="Date-Revision-yyyymmdd" content="20150306" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Nexus Analyzer</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
@@ -62,9 +62,9 @@
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-12-07</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2015-03-06</li>
<li id="projectVersion" class="pull-right">
Version: 1.2.7
Version: 1.2.9
</li>
</ul>
@@ -144,6 +144,13 @@
Jar Analyzer</a>
</li>
<li>
<a href="central-analyzer.html" title="Central Analyzer">
<i class="none"></i>
Central Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Nexus Analyzer</a>
@@ -248,48 +255,8 @@
<div id="bodyColumn" class="span9" >
<h1>Nexus Analyzer</h1>
<p>Dependency-check includes an analyzer that will check for the Maven GAV (Group/Artifact/Version) information for artifacts in the scanned area. By default the information comes from <a class="externalLink" href="http://search.maven.org/" title="Maven Central">Maven Central</a>, but can be configured to use a local repository if necessary. If the artifact&#x2019;s hash is found in the configured Nexus repository, its GAV is recorded as an Identifier and the Group is collected as Vendor evidence, the Artifact is collected as Product evidence, and the Version is collected as Version evidence.</p>
<div class="section">
<h2>Default Configuration<a name="Default_Configuration"></a></h2>
<p>By default, the Nexus analyzer uses the <a class="externalLink" href="https://repository.sonatype.org/" title="Sonatype Nexus Repository">Sonatype Nexus Repository</a> to search for SHA-1 hashes of dependencies. If the proxy is configured for Dependency Check, that proxy is used in order to connect to the Nexus Central repository. So if you&#x2019;re using <tt>--proxyurl</tt> on the command-line, the <tt>proxyUrl</tt> setting in the Maven plugin, or the <tt>proxyUrl</tt> attribute in the Ant task, that proxy will be used by default. Also, the proxy port, user, and password configured globally are used as well.</p></div>
<div class="section">
<h2>Overriding Defaults<a name="Overriding_Defaults"></a></h2>
<p>If you have an internal Nexus repository you want to use, Dependency Check can be configured to use this repository rather than Sonatype. This needs to be a Nexus repository (support for Artifactory is planned). For a normal installation of Nexus, you would append <tt>/service/local/</tt> to the root of the URL to your Nexus repository. This URL can be set as:</p>
<ul>
<li><tt>analyzer.nexus.url</tt> in <tt>dependencycheck.properties</tt></li>
<li><tt>--nexus &lt;url&gt;</tt> in the CLI</li>
<li>The <tt>nexusUrl</tt> property in the Maven plugin</li>
<li>The <tt>nexusUrl</tt> attribute in the Ant task</li>
</ul>
<p>If this repository is internal and should not use the proxy, you can disable the proxy for just the Nexus analyzer. Setting this makes no difference if a proxy is not configured.</p>
<ul>
<li><tt>analyzer.nexus.proxy=false</tt> in <tt>dependencycheck.properties</tt></li>
<li><tt>--nexusUsesProxy false</tt> in the CLI</li>
<li>The <tt>nexusUsesProxy</tt> property in the Maven plugin</li>
<li>The <tt>nexusUsesProxy</tt> attribute in the Ant task</li>
</ul>
<p>Finally, the Nexus analyzer can be disabled altogether.</p>
<ul>
<li><tt>analyzer.nexus.enabled=false</tt> in <tt>dependencycheck.properties</tt></li>
<li><tt>--disableNexus</tt> in the CLI</li>
<li><tt>nexusAnalyzerEnabled</tt> property in the Maven plugin</li>
<li><tt>nexusAnalyzerEnabled</tt> attribute in the Ant task</li>
</ul></div>
<p>The Nexus Analyzer has been superceded by the Central Analyzer. If both the Central Analyzer and Nexus Analyzer are enabled and the Nexus URL has not been configured to point to an instance of Nexus Pro the Nexus Analyzer will disable itself.</p>
<p>The Nexus Analyzer will check for the Maven GAV (Group/Artifact/Version) information for artifacts in the scanned area. This is done by determining if an artifact exists in a Nexus Pro installation using the SHA-1 hash of the artifact scanned. If the artifact&#x2019;s hash is found in the configured Nexus repository, its GAV is recorded as an Identifier and the Group is collected as Vendor evidence, the Artifact is collected as Product evidence, and the Version is collected as Version evidence.</p>
<div class="section">
<h2>Logging<a name="Logging"></a></h2>
<p>You may see a log message similar to the following during analysis:</p>
@@ -298,7 +265,7 @@
<pre>Mar 31, 2014 9:15:12 AM org.owasp.dependencycheck.analyzer.NexusAnalyzer initializeFileTypeAnalyzer
WARNING: There was an issue getting Nexus status. Disabling analyzer.
</pre></div>
<p>At the beginning of analysis, a check is made by the Nexus analyzer to see if it is able to reach the configured Nexus service, and if it cannot be reached, the analyzer will be disabled. If you see this message, you can use the configuration settings described above to resolve the issue, or disable the analyzer altogether.</p></div>
<p>At the beginning of analysis, a check is made by the Nexus analyzer to see if it is able to reach the configured Nexus service, and if it cannot be reached, the analyzer will be disabled. If you see this message, you can use the configuration settings described in either the CLI, Ant, Maven, or Jenkins plugins to resolve the issue, or disable the analyzer altogether.</p></div>
</div>
</div>
</div>
@@ -308,7 +275,7 @@ WARNING: There was an issue getting Nexus status. Disabling analyzer.
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2014
<p >Copyright &copy; 2012&#x2013;2015
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.