releasing updates from private repo

Former-commit-id: 064139c68ad185358d6c74a77511d9ca36229633
2026-03-23 01:29:43 +01:00 · 2013-07-31 10:21:31 -04:00
parent a036b9fc27
commit c3f9f16ce3
264 changed files with 13532 additions and 3394 deletions
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
@@ -0,0 +1,13 @@
+Configuration
+====================
+The following properties can be set on the dependency-check-maven plugin.
+
+Property            | Description                        | Default Value
+--------------------|------------------------------------|------------------
+autoUpdate          | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
+externalReport      | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
+failBuildOnCVSS     | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail.         | 11
+format              | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
+connectionTimeout   | The Connection Timeout.            |
+proxyUrl            | The Proxy URL.                     |
+proxyPort           | The Proxy Port.                    |
--- a/dependency-check-maven/src/site/markdown/usage.md.vm
+++ b/dependency-check-maven/src/site/markdown/usage.md.vm
@@ -0,0 +1,76 @@
+Usage
+======================
+Dependency-check-maven is very simple to utilize and can be used as a stand-alone
+plugin or as part of the site plugin.
+
+It is important to understand that the first time this task is executed it may
+take 20 minutes or more as it downloads and processes the data from the National
+Vulnerability Database (NVD) hosted by NIST: https://nvd.nist.gov
+
+After the first batch download, as long as the plugin is executed at least once every
+seven days the update will only take a few seconds.
+
+### Create the DependencyCheck-report.html in the target directory
+
+```xml
+<project>
+    <build>
+        <plugins>
+            ...
+            <plugin>
+              <groupId>org.owasp</groupId>
+              <artifactId>dependency-check-maven</artifactId>
+              <version>${project.version}</version>
+              <configuration>
+                  <failBuildOnCVSS>8</failBuildOnCVSS>
+              </configuration>
+              <executions>
+                  <execution>
+                      <goals>
+                          <goal>check</goal>
+                      </goals>
+                  </execution>
+              </executions>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```
+
+Note, the above configuration will fail the build if any dependencies are found
+to have vulnerabilities with a CVSS score greater then 8. If you do not wish to
+fail the build for CVSS scores do not specify the failBuildOnCVSS element.
+
+### Create the dependency-check report within the site
+
+```xml
+<project>
+    <build>
+        <plugins>
+            ...
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <configuration>
+                    <reportPlugins>
+                        <plugin>
+                            <groupId>org.owasp</groupId>
+                            <artifactId>dependency-check-maven</artifactId>
+                            <version>${project.version}</version>
+                            <configuration>
+                                <externalReport>false</externalReport>
+                            </configuration>
+                        </plugin>
+                    </reportPlugins>
+                </configuration>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```
--- a/dependency-check-maven/src/site/site.xml
+++ b/dependency-check-maven/src/site/site.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+This file is part of dependency-check-maven.
+
+Dependency-check-maven is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the Free
+Software Foundation, either version 3 of the License, or (at your option) any
+later version.
+
+Dependency-check-maven is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along with
+dependency-check-maven. If not, see http://www.gnu.org/licenses/.
+
+Copyright (c) 2013 Jeremy Long. All Rights Reserved.
+-->
+
+<project name="dependency-check-maven" xmlns="http://maven.apache.org/DECORATION/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/DECORATION/1.0.0 http://maven.apache.org/xsd/decoration-1.0.0.xsd">
+    <bannerLeft>
+        <name>dependency-check-maven</name>
+    </bannerLeft>
+    <body>
+        <breadcrumbs>
+            <item name="dependency-check" href="../index.html"/>
+        </breadcrumbs>
+        <menu name="Getting Started">
+            <item name="Usage" href="usage.html"/>
+            <item name="Configuration" href="configuration.html"/>
+        </menu>
+        <menu ref="Project Documentation" />
+        <menu ref="reports"/>
+    </body>
+</project>