From eb91152cfaa6f89235451cae20c1fa25bbacf78f Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 11 Sep 2015 06:53:58 -0400 Subject: [PATCH] updated the dependency-check-ant documentation --- .../src/main/assembly/release.xml | 11 +++++- .../src/site/markdown/config-purge.md | 19 +++++++++ .../src/site/markdown/config-update.md | 39 +++++++++++++++++++ .../src/site/markdown/configuration.md | 16 +++++--- .../src/site/markdown/index.md.vm | 32 ++++++++------- .../src/site/markdown/usage.md.vm | 33 ---------------- 6 files changed, 94 insertions(+), 56 deletions(-) create mode 100644 dependency-check-ant/src/site/markdown/config-purge.md create mode 100644 dependency-check-ant/src/site/markdown/config-update.md delete mode 100644 dependency-check-ant/src/site/markdown/usage.md.vm diff --git a/dependency-check-ant/src/main/assembly/release.xml b/dependency-check-ant/src/main/assembly/release.xml index f154353e3..1d77fbdf7 100644 --- a/dependency-check-ant/src/main/assembly/release.xml +++ b/dependency-check-ant/src/main/assembly/release.xml @@ -12,7 +12,7 @@ zip false - + + + + ${project.build.directory}/${project.artifactId}-${project.version}.jar + dependency-check + dependency-check-ant.jar + + dependency-check/lib diff --git a/dependency-check-ant/src/site/markdown/config-purge.md b/dependency-check-ant/src/site/markdown/config-purge.md new file mode 100644 index 000000000..80c9f5d91 --- /dev/null +++ b/dependency-check-ant/src/site/markdown/config-purge.md 
@@ -0,0 +1,19 @@ +Configuration +==================== +The dependency-check-purge task deletes the local copy of the NVD. This task +should rarely be used, if ever. This is included as a convenience method in +the rare circumstance that the local H2 database because corrupt. + +```xml + + + +``` + +Configuration: dependency-check-purge Task +-------------------- +The following properties can be set on the dependency-check-purge task. + +Property | Description | Default Value +----------------------|----------------------------------------------------------------|------------------ +dataDirectory | Data directory that is used to store the local copy of the NVD | data diff --git a/dependency-check-ant/src/site/markdown/config-update.md b/dependency-check-ant/src/site/markdown/config-update.md new file mode 100644 index 000000000..d05dab230 --- /dev/null +++ b/dependency-check-ant/src/site/markdown/config-update.md 
@@ -0,0 +1,39 @@ +Configuration +==================== +The dependency-check-update task downloads and updates the local copy of the NVD. +There are several reasons that one may want to use this task; primarily, creating +an update that will be run only once a day or once every few days (but not greater +then 7 days) and then use the `autoUpdate="false"` setting on individual +dependency-check scans. See [Internet Access Required](https://jeremylong.github.io/DependencyCheck/data/index.html) +for more information on why this task would be used. + +```xml + + + +``` + +Configuration: dependency-check-update Task +-------------------- +The following properties can be set on the dependency-check task. + +Property | Description | Default Value +----------------------|------------------------------------|------------------ +proxyServer | The Proxy Server. |   +proxyPort | The Proxy Port. |   +proxyUsername | Defines the proxy user name. |   +proxyPassword | Defines the proxy password. |   +connectionTimeout | The URL Connection Timeout. |   + +Advanced Configuration +==================== +The following properties can be configured in the plugin. However, they are less frequently changed. One exception +may be the cvedUrl properties, which can be used to host a mirror of the NVD within an enterprise environment. + +Property | Description | Default Value +---------------------|--------------------------------------------------------------------------|------------------ +cveUrl12Modified | URL for the modified CVE 1.2. | http://nvd.nist.gov/download/nvdcve-modified.xml +cveUrl20Modified | URL for the modified CVE 2.0. | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml +cveUrl12Base | Base URL for each year's CVE 1.2, the %d will be replaced with the year. | http://nvd.nist.gov/download/nvdcve-%d.xml +cveUrl20Base | Base URL for each year's CVE 2.0, the %d will be replaced with the year. 
| http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml +dataDirectory | Data directory that is used to store the local copy of the NVD. This should generally not be changed. | data diff --git a/dependency-check-ant/src/site/markdown/configuration.md b/dependency-check-ant/src/site/markdown/configuration.md index ab4e4d169..e7fa137e9 100644 --- a/dependency-check-ant/src/site/markdown/configuration.md +++ b/dependency-check-ant/src/site/markdown/configuration.md @@ -1,5 +1,11 @@ Configuration ==================== +Once dependency-check-ant has been [installed](index.html) the defined tasks can be used. + +* dependency-check - the primary task used to check the project dependencies. Configuration options are below. +* dependency-check-purge - deletes the local copy of the NVD; this should rarely be used (if ever). See the [purge configuration](config-purge.html) for more information. +* dependency-check-update - downloads and updates the local copy of the NVD. See the [update configuration](config-update.html) for more information. + To configure the dependency-check task you can add it to a target and include a file based [resource collection](http://ant.apache.org/manual/Types/resources.html#collection) such as a [FileSet](http://ant.apache.org/manual/Types/fileset.html), [DirSet](http://ant.apache.org/manual/Types/dirset.html), 
@@ -19,14 +25,13 @@ the project's dependencies. ``` -Configuration -==================== -The following properties can be set on the dependency-check-maven plugin. +Configuration: dependency-check Task +-------------------- +The following properties can be set on the dependency-check-update task. Property | Description | Default Value ----------------------|------------------------------------|------------------ autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. | true -updateOnly | If set to true only the update phase of dependency-check will be executed; no scan will be executed and no report will be generated. | false projectName | The name of the project being scanned. | Dependency-Check reportOutputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target' failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. | 11 
@@ -70,10 +75,9 @@ cveUrl12Modified | URL for the modified CVE 1.2. cveUrl20Modified | URL for the modified CVE 2.0. | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml cveUrl12Base | Base URL for each year's CVE 1.2, the %d will be replaced with the year. | http://nvd.nist.gov/download/nvdcve-%d.xml cveUrl20Base | Base URL for each year's CVE 2.0, the %d will be replaced with the year. | http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml -dataDirectory | Data directory to hold SQL CVEs contents. This should generally not be changed. |   +dataDirectory | Data directory that is used to store the local copy of the NVD. This should generally not be changed. | data databaseDriverName | The name of the database driver. Example: org.h2.Driver. |   databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. |   connectionString | The connection string used to connect to the database. |   databaseUser | The username used when connecting to the database. |   databasePassword | The password used when connecting to the database. |   -purge | Delete the local copy of the NVD. This is used to force a refresh of the data. |   diff --git a/dependency-check-ant/src/site/markdown/index.md.vm b/dependency-check-ant/src/site/markdown/index.md.vm index bf6614c49..b05651426 100644 --- a/dependency-check-ant/src/site/markdown/index.md.vm +++ b/dependency-check-ant/src/site/markdown/index.md.vm 
@@ -7,23 +7,25 @@ identifiers, and the associated Common Vulnerability and Exposure (CVE) entries. Installation ==================== -Download dependency-check-ant from [bintray here](http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-${project.version}.jar). -To install dependency-check-ant place the dependency-check-ant-${project.version}.jar into -the lib directory of your Ant instalation directory. Once installed you can add -the taskdef to you build.xml and add the task to a new or existing target: +1. Download dependency-check-ant from [bintray here](http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-${project.version}-release.zip). +2. Unzip the archive +3. Add the taskdef to your build.xml: -```xml - -``` + ```xml + + + + + + + + + ``` +4. Use the defined taskdefs: + * [dependency-check](configuration.html) - the primary task used to check the project dependencies. + * [dependency-check-purge](config-purge.html) - deletes the local copy of the NVD; this should rarely be used (if ever). + * [dependency-check-update](config-update.html) - downloads and updates the local copy of the NVD. -If you do not want to install dependency-check-ant into your ant's lib directory when you define the task def you -must add the classpath to the taskdef: - -```xml - - - -``` It is important to understand that the first time this task is executed it may take 10 minutes or more as it downloads and processes the data from the National diff --git a/dependency-check-ant/src/site/markdown/usage.md.vm b/dependency-check-ant/src/site/markdown/usage.md.vm deleted file mode 100644 index c2743a930..000000000 --- a/dependency-check-ant/src/site/markdown/usage.md.vm +++ /dev/null 
@@ -1,33 +0,0 @@ -Usage -==================== -First, add the dependency-check-ant taskdef to your build.xml (see the [installation guide](installation.html)): - -```xml - -``` - -Or - -```xml - - - -``` - -Next, add the task to a target of your choosing: - -```xml - - - - - - - - -``` - -See the [configuration guide](configuration.html) for more information.
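Review bot: in the release.xml hunk the built jar is copied into the zip under the unversioned name `dependency-check-ant.jar`; that is convenient for a fixed `<taskdef>` classpath, but once unpacked nothing in the filename tells a user which version of the scanner they are running. If the unversioned name is intended, consider keeping the version somewhere in the archive (or in the documentation) so people can tell what they have installed when triaging scan results.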
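Review bot: config-purge.md has a broken sentence in the intro: "in the rare circumstance that the local H2 database because corrupt" should read "becomes corrupt". It would also help to state the consequence of running the task: after a purge the next `dependency-check` or `dependency-check-update` run has to download and process the full NVD again, which index.md.vm already warns can take 10 minutes or more, so users do not run purge casually on a CI box.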
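Review bot: config-update.md introduces its property table with "The following properties can be set on the dependency-check task." but this page documents the dependency-check-update task; the sentence looks copied from configuration.md and should name the update task. Two smaller wording fixes in the same file: "not greater then 7 days" should be "than", and "the cvedUrl properties" should be "the cveUrl properties" to match the table rows. Since the cveUrl defaults in this table are plain `http://` feeds that drive every vulnerability finding, it is worth documenting, alongside the mirror advice, that an enterprise mirror should be served over TLS or otherwise integrity-protected, so a tampered feed cannot silently suppress findings.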
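Review bot: in the configuration.md hunk at `@@ -19,14 +25,13 @@` the new heading is "Configuration: dependency-check Task" but the sentence under it now says "The following properties can be set on the dependency-check-update task."; this page is the `dependency-check` task, so the sentence should say that. While touching this block, the retained `reportOutputDirectory` row still says "this is not used if generating the report as part of a `mvn site` build" with a default of 'target', which is Maven wording left over in the Ant documentation.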
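Review bot: the `@@ -70,10 +75,9 @@` hunk removes the `purge` row (and the earlier hunk removes `updateOnly`) from the `dependency-check` task table without saying what happened to those attributes. If the attributes are still accepted by the task, they are now undocumented; if they were removed in favour of the new `dependency-check-purge` and `dependency-check-update` tasks, a one-line migration note ("replace `updateOnly="true"` with the dependency-check-update task") would save existing build.xml owners a broken build.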
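Review bot: the index.md.vm installation steps point users at a plain `http://dl.bintray.com/...-release.zip` download and then have them put its jar on the Ant classpath, but nothing in the page tells them how to verify what they downloaded. Since this jar runs inside every build, consider publishing and documenting a checksum or signature for the release zip (and an `https://` link if bintray offers one) so the install step can be verified. Minor: step 2, "Unzip the archive", is missing its trailing period, unlike the other steps.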
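Review bot: usage.md.vm is deleted outright, but the patch only touches the six files listed in the summary, so any site navigation (for example a site.xml menu entry) or page that still links to usage.html will now be a dead link; please grep the site sources for `usage.html` before merging. The deleted page also linked to an installation.html that the new configuration.md replaces with index.html, so the remaining pages should agree on which one is the installation guide.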