From c153463471732e545393e5f6e6d19194d3034cd0 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Sun, 8 Oct 2017 07:50:17 -0400
Subject: [PATCH] update documentation per issue #878
---
 .../src/main/java/org/owasp/dependencycheck/taskdefs/Check.java | 2 +-
 dependency-check-ant/src/site/markdown/configuration.md | 2 +-
 .../owasp/dependencycheck/agent/DependencyCheckScanAgent.java | 2 +-
 .../owasp/dependencycheck/maven/BaseDependencyCheckMojo.java | 2 +-
 dependency-check-maven/src/site/markdown/configuration.md | 2 +-
 dependency-check-maven/src/site/markdown/index.md.vm | 2 +-
 src/site/markdown/dependency-check-gradle/configuration.md | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
index b8dedf155..577c1ab33 100644
--- a/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
+++ b/dependency-check-ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -1083,7 +1083,7 @@ public class Check extends Update {
 final String msg;
 if (showSummary) {
 msg = String.format("%n%nDependency-Check Failure:%n"
- + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %s%n"
+ + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %s%n"
 + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
 } else {
 msg = String.format("%n%nDependency-Check Failure:%n"
diff --git a/dependency-check-ant/src/site/markdown/configuration.md b/dependency-check-ant/src/site/markdown/configuration.md
index 16324e574..70abf87a1 100644
--- a/dependency-check-ant/src/site/markdown/configuration.md
+++ b/dependency-check-ant/src/site/markdown/configuration.md
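Review bot: The message in `Check.java` now says a score equal to `failBuildOnCVSS` fails the build, but the comparison that enforces the threshold is outside this hunk, so nothing visible here shows that the code and the text agree. Since this setting is the gate that stops a build on a vulnerable dependency, confirm the check is inclusive (a condition of the form `score >= failBuildOnCVSS`, with `score` standing for the vulnerability's CVSS value) and add a test with a score exactly at the threshold. The same applies to the message hunks in `DependencyCheckScanAgent.java` and `BaseDependencyCheckMojo.java`. The enclosing method starts and ends outside the hunk.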
@@ -33,7 +33,7 @@ Property | Description
 ----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------
 autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
 cveValidForHours | Sets the number of hours to wait before checking for new updates from the NVD | 4
-failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
+failBuildOnCVSS | Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
 failOnError | Whether the build should fail if there is an error executing the dependency-check analysis | true
 projectName | The name of the project being scanned. | Dependency-Check
 reportFormat | The report format to be generated (HTML, XML, CSV, JSON, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
index f8cd80eea..a5f66ebae 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/agent/DependencyCheckScanAgent.java
@@ -1028,7 +1028,7 @@ public class DependencyCheckScanAgent {
 final String msg;
 if (showSummary) {
 msg = String.format("%n%nDependency-Check Failure:%n"
- + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': %s%n"
+ + "One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': %s%n"
 + "See the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
 } else {
 msg = String.format("%n%nDependency-Check Failure:%n"
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
index c61f0274e..8b83f510c 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/BaseDependencyCheckMojo.java
@@ -1259,7 +1259,7 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
 msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities: %n%s%n%n"
 + "See the dependency-check report for more details.%n%n", ids.toString());
 } else {
- msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater than '%.1f': "
+ msg = String.format("%n%nOne or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '%.1f': "
 + "%n%s%n%nSee the dependency-check report for more details.%n%n", failBuildOnCVSS, ids.toString());
 }
 } else {
diff --git a/dependency-check-maven/src/site/markdown/configuration.md b/dependency-check-maven/src/site/markdown/configuration.md
index 6803b177e..ad68896a7 100644
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
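Review bot: The failure text edited here in `DependencyCheckScanAgent.java` is a third hand-maintained copy of the string also changed in `Check.java` and `BaseDependencyCheckMojo.java`, and the Maven copy already differs in layout (no `Dependency-Check Failure:` heading). Until the copies are folded into one shared constant or helper, I would add a comment above the `String.format` call such as `// Wording must match the failBuildOnCVSS comparison and the copies in the Ant task and the Maven mojo.` so the next change to the threshold semantics updates all three. The enclosing method starts and ends outside the hunk.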
@@ -16,7 +16,7 @@ Property | Description | Default Value
 ----------------------------|------------------------------------|------------------
 autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
 cveValidForHours | Sets the number of hours to wait before checking for new updates from the NVD. | 4
-failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
+failBuildOnCVSS | Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11
 failBuildOnAnyVulnerability | Specific that if any vulnerability is identified, the build will fail. | false
 failOnError | Whether the build should fail if there is an error executing the dependency-check analysis. | true
 format | The report format to be generated (HTML, XML, CSV, JSON, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
diff --git a/dependency-check-maven/src/site/markdown/index.md.vm b/dependency-check-maven/src/site/markdown/index.md.vm
index 43815f4ab..c17a27d5e 100644
--- a/dependency-check-maven/src/site/markdown/index.md.vm
+++ b/dependency-check-maven/src/site/markdown/index.md.vm
@@ -73,7 +73,7 @@ Create an aggregated dependency-check report within the site.
 ```
 $H$H$H Example 3:
-Create the DependencyCheck-report.html and fail the build for CVSS greater than 8.
+Create the DependencyCheck-report.html and fail the build for CVSS greater than or equal to 8.
 ```xml
diff --git a/src/site/markdown/dependency-check-gradle/configuration.md b/src/site/markdown/dependency-check-gradle/configuration.md
index d3996dd28..e0552bad5 100644
--- a/src/site/markdown/dependency-check-gradle/configuration.md
+++ b/src/site/markdown/dependency-check-gradle/configuration.md
@@ -29,7 +29,7 @@ Property | Description | Default Value
 autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
 cveValidForHours | Sets the number of hours to wait before checking for new updates from the NVD. | 4
 failOnError | Fails the build if an error occurs during the dependency-check analysis. | true
-failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. | 11
+failBuildOnCVSS | Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. | 11
 format | The report format to be generated (HTML, XML, CSV, JSON, VULN, ALL). | HTML
 outputDirectory | The location to write the report(s). This directory will be located in the build directory. | build/reports
 skipTestGroups | When set to true (the default) all dependency groups that being with 'test' will be skipped. | true