Add an update only option

Former-commit-id: 67253232762acb61e1400dc60443e556f71db874
2026-03-22 09:09:31 +01:00 · 2015-03-28 12:17:24 -04:00
parent f247978d12
commit d0401f3f8d
10 changed files with 300 additions and 98 deletions
--- a/dependency-check-maven/src/site/markdown/configuration.md
+++ b/dependency-check-maven/src/site/markdown/configuration.md
@@ -1,10 +1,11 @@
 Goals
 ====================

-Goal       | Description
-----------|-----------------------
-aggregate  | Runs dependency-check against the child projects and aggregates the results into a single report.
-check      | Runs dependency-check against the project and generates a report.
+Goal        | Description
+------------|-----------------------
+aggregate   | Runs dependency-check against the child projects and aggregates the results into a single report.
+check       | Runs dependency-check against the project and generates a report.
+update-only | Updates the local cache of the NVD data from NIST.

 Configuration
 ====================
@@ -38,7 +39,7 @@ zipExtensions           | A comma-separated list of additional file extensions t
 jarAnalyzer             | Sets whether Jar Analyzer will be used.                                   | true
 centralAnalyzerEnabled  | Sets whether Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below). | true
 nexusAnalyzerEnabled    | Sets whether Nexus Analyzer will be used. This analyzer is superceded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. | true
-nexusUrl                | Defines the Nexus Pro Server URL. If not set the Nexus Analyzer will be disabled. | &nbsp;
+nexusUrl                | Defines the Nexus Server's web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled. | &nbsp;
 nexusUsesProxy          | Whether or not the defined proxy should be used when connecting to Nexus. | true
 nuspecAnalyzerEnabled   | Sets whether or not the .NET Nuget Nuspec Analyzer will be used.          | true
 assemblyAnalyzerEnabled | Sets whether or not the .NET Assembly Analyzer should be used.            | true
--- a/dependency-check-maven/src/site/markdown/usage.md.vm
+++ b/dependency-check-maven/src/site/markdown/usage.md.vm
@@ -176,3 +176,33 @@ Create the DependencyCheck-report.html and use internal mirroring of CVE content
    ...
 </project>
 ```
+
+$H$H$H Example 6:
+Update the local cache of the NVD data from NIST without analyzing the dependencies.
+
+```xml
+<project>
+    ...
+    <build>
+        ...
+        <plugins>
+            ...
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>${project.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>update-only</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            ...
+        </plugins>
+        ...
+    </build>
+    ...
+</project>
+```