version 1.3.3

dependency-check-ant/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>1.3.2</version>
+        <version>1.3.3</version>
     </parent>
 
     <artifactId>dependency-check-ant</artifactId>

dependency-check-ant/src/main/resources/task.properties

@@ -1,2 +1,2 @@
 # the path to the data directory
-data.directory=data
+data.directory=data/3.0

dependency-check-cli/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>1.3.2</version>
+        <version>1.3.3</version>
     </parent>
 
     <artifactId>dependency-check-cli</artifactId>

dependency-check-core/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>1.3.2</version>
+        <version>1.3.3</version>
     </parent>
 
     <artifactId>dependency-check-core</artifactId>

dependency-check-core/src/main/resources/dependencycheck.properties

@@ -18,8 +18,13 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt
 data.directory=[JAR]/data
 #if the filename has a %s it will be replaced with the current expected version
 data.file_name=dc.h2.db
+
+### if you increment the DB version then you must increment the database file path
+### in the mojo.properties, task.properties (maven and ant respectively), and
+### the gradle PurgeDataExtension.
 data.version=3.0
-data.connection_string=jdbc:h2:file:%s;FILE_LOCK=FS;AUTOCOMMIT=ON;
+
+data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
 #data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
 
 # user name and password for the database connection. The inherent case is to use H2.

dependency-check-maven/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>1.3.2</version>
+        <version>1.3.3</version>
     </parent>
 
     <artifactId>dependency-check-maven</artifactId>

dependency-check-maven/src/main/resources/mojo.properties

@@ -1,2 +1,2 @@
 # the path to the data directory
-data.directory=[JAR]/../../dependency-check-data
+data.directory=[JAR]/../../dependency-check-data/3.0

dependency-check-utils/pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
     <parent>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-parent</artifactId>
-        <version>1.3.2</version>
+        <version>1.3.3</version>
     </parent>
 
     <artifactId>dependency-check-utils</artifactId>

pom.xml

@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long
 
     <groupId>org.owasp</groupId>
     <artifactId>dependency-check-parent</artifactId>
-    <version>1.3.2</version>
+    <version>1.3.3</version>
     <packaging>pom</packaging>
 
     <modules>

src/site/markdown/dependency-check-gradle/configuration.md

@@ -17,7 +17,7 @@ autoUpdate           | Sets whether auto-updating of the NVD CVE/CPE data is ena
 cveValidForHours     | Sets the number of hours to wait before checking for new updates from the NVD.                                     | 4
 failBuildOnCVSS      | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. | 11
 format               | The report format to be generated (HTML, XML, VULN, ALL).                                                          | HTML
-reportsDirName       | The location to write the report(s). This directory will be located in the build directory.                        | reports
+outputDirectory      | The location to write the report(s). This directory will be located in the build directory.                        | build/reports
 skipTestGroups       | When set to true (the default) all dependency groups that being with 'test' will be skipped.                       | true
 suppressionFile      | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html)       |  
 
@@ -81,7 +81,7 @@ dependencyCheck {
 ### Analyzer Configuration
 
 In addition to the above, the dependencyCheck plugin can be configured to enable or disable specific
-analyzers by configuring the `analyzer` section. Note, specific file type analyzers will automatically
+analyzers by configuring the `analyzers` section. Note, specific file type analyzers will automatically
 disable themselves if no file types that they support are detected - so specifically disabling the
 analyzers is likely not needed.
 
@@ -109,7 +109,7 @@ pathToMono            | The path to Mono for .NET assembly analysis on non-windo
 #### Example
 ```groovy
 dependencyCheck {
-    analyzer {
+    analyzers {
         assemblyEnabled=false
     }
 }

src/site/markdown/dependency-check-gradle/index.md.vm

@@ -12,6 +12,8 @@ seven days the update will only take a few seconds.
 
 #set( $H = '#' )
 
+$H$H Quick Start
+
 $H$H$H Step 1, Apply dependency-check-gradle plugin
 Install from Maven central repo
 
@@ -25,7 +27,7 @@ buildscript {
     }
 }
 
-apply plugin: 'dependencyCheck'
+apply plugin: 'org.owasp.dependencycheck'
 ```
 
 $H$H$H Step 2, Run the dependencyCheck task
@@ -36,9 +38,14 @@ Once gradle plugin applied, run following gradle task to check dependencies:
 gradle dependencyCheck --info
 ```
 
-The reports will be generated automatically under `buildDir/reports` folder.
+The reports will be generated automatically under `build/reports` folder.
 
 
+$H$H Task Configuration
+The OWASP dependency-check-gradle plugin contains three tasks: [dependencyCheck](configuration.html),
+[dependencyCheckUpdate](configuration-update.html), and [dependencyCheckPurge](configuration-purge.html).
+Please see each tasks configuration page for more information.
+
 Mailing List
 ------------
 

src/site/site.xml

@@ -74,7 +74,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
         </breadcrumbs>
 
         <menu name="OWASP dependency-check">
-            <item collapse="false" name="General" href="./index.html">
+            <item collapse="true" name="General" href="./index.html">
                 <item name="How it Works" href="./general/internals.html">
                     <description>How does dependency-check work?</description>
                 </item>
@@ -156,9 +156,9 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
                 </item>
                 <item collapse="true" name="Gradle Plugin" href="./dependency-check-gradle/index.html">
                     <description>Gradle plugin for OWASP dependency-check.</description>
-                    <item name="dependencyCheck" href="./dependency-check-gradle/configuration.html" />
+                    <item name="Check Task" href="./dependency-check-gradle/configuration.html" />
-                    <item name="dependencyCheckUpdate" href="./dependency-check-gradle/configuration-update.html" />
+                    <item name="Update Task" href="./dependency-check-gradle/configuration-update.html" />
-                    <item name="dependencyCheckPurge" href="./dependency-check-gradle/configuration-purge.html" />
+                    <item name="Purge Task" href="./dependency-check-gradle/configuration-purge.html" />
                 </item>
                 <item name="Jenkins Plugin" href="./dependency-check-jenkins/index.html">
                     <description>A Jenkins plugin for OWASP dependency-check.</description>