releasing updates from private repo

Former-commit-id: 064139c68ad185358d6c74a77511d9ca36229633

dependency-check-maven/src/site/markdown/configuration.md

@@ -0,0 +1,13 @@
+Configuration
+====================
+The following properties can be set on the dependency-check-maven plugin.
+
+Property            | Description                        | Default Value
+--------------------|------------------------------------|------------------
+autoUpdate          | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true
+externalReport      | When using as a Site plugin this parameter sets whether or not the external report format should be used. | false
+failBuildOnCVSS     | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail.         | 11
+format              | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
+connectionTimeout   | The Connection Timeout.            |
+proxyUrl            | The Proxy URL.                     |
+proxyPort           | The Proxy Port.                    |

dependency-check-maven/src/site/markdown/usage.md.vm

@@ -0,0 +1,76 @@
+Usage
+======================
+Dependency-check-maven is very simple to utilize and can be used as a stand-alone
+plugin or as part of the site plugin.
+
+It is important to understand that the first time this task is executed it may
+take 20 minutes or more as it downloads and processes the data from the National
+Vulnerability Database (NVD) hosted by NIST: https://nvd.nist.gov
+
+After the first batch download, as long as the plugin is executed at least once every
+seven days the update will only take a few seconds.
+
+### Create the DependencyCheck-report.html in the target directory
+
+```xml
+<project>
+    <build>
+        <plugins>
+            ...
+            <plugin>
+              <groupId>org.owasp</groupId>
+              <artifactId>dependency-check-maven</artifactId>
+              <version>${project.version}</version>
+              <configuration>
+                  <failBuildOnCVSS>8</failBuildOnCVSS>
+              </configuration>
+              <executions>
+                  <execution>
+                      <goals>
+                          <goal>check</goal>
+                      </goals>
+                  </execution>
+              </executions>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```
+
+Note, the above configuration will fail the build if any dependencies are found
+to have vulnerabilities with a CVSS score greater then 8. If you do not wish to
+fail the build for CVSS scores do not specify the failBuildOnCVSS element.
+
+### Create the dependency-check report within the site
+
+```xml
+<project>
+    <build>
+        <plugins>
+            ...
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-site-plugin</artifactId>
+                <configuration>
+                    <reportPlugins>
+                        <plugin>
+                            <groupId>org.owasp</groupId>
+                            <artifactId>dependency-check-maven</artifactId>
+                            <version>${project.version}</version>
+                            <configuration>
+                                <externalReport>false</externalReport>
+                            </configuration>
+                        </plugin>
+                    </reportPlugins>
+                </configuration>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```