Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
e204971a6c | ||
|
|
d5b3a118bc | ||
|
|
3396cb2887 | ||
|
|
3c5beea218 | ||
|
|
e544384dd5 | ||
|
|
0e90f460f4 | ||
|
|
921efc4d2b |
@@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.3.2</version>
|
||||
<version>1.3.3</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-ant</artifactId>
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
# the path to the data directory
|
||||
data.directory=data
|
||||
data.directory=data/3.0
|
||||
|
||||
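Review bot: The `3.0` appended to `data.directory` is a second hand-maintained copy of the database version, and nothing in this file says so. The same literal is added in the other `data.directory` hunk further down (`[JAR]/../../dependency-check-data/3.0`), while the reminder to keep them in step appears only in the core properties hunk beside `data.version=3.0`. If one copy is missed on the next schema bump, this module would presumably open or purge a directory that belongs to a different database version, and the scan would then rest on stale vulnerability data without reporting an error. I would add a line above the property such as `# the trailing 3.0 must match data.version in the core properties file`.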
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.3.2</version>
|
||||
<version>1.3.3</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-cli</artifactId>
|
||||
|
||||
@@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.3.2</version>
|
||||
<version>1.3.3</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-core</artifactId>
|
||||
|
||||
@@ -18,8 +18,13 @@ engine.version.url=http://jeremylong.github.io/DependencyCheck/current.txt
|
||||
data.directory=[JAR]/data
|
||||
#if the filename has a %s it will be replaced with the current expected version
|
||||
data.file_name=dc.h2.db
|
||||
|
||||
### if you increment the DB version then you must increment the database file path
|
||||
### in the mojo.properties, task.properties (maven and ant respectively), and
|
||||
### the gradle PurgeDataExtension.
|
||||
data.version=3.0
|
||||
data.connection_string=jdbc:h2:file:%s;FILE_LOCK=FS;AUTOCOMMIT=ON;
|
||||
|
||||
data.connection_string=jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
|
||||
#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck
|
||||
|
||||
# user name and password for the database connection. The inherent case is to use H2.
|
||||
|
||||
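Review bot: The new `FILE_LOCK=SERIALIZED` on `data.connection_string` carries no comment explaining why the exclusive `FILE_LOCK=FS` lock was given up. As far as I know, H2's serialized mode lets several processes open the same database file at once, and H2's documentation advises testing that mode carefully before relying on it. This file is the local copy of the NVD data that every finding is derived from, so a copy damaged by two overlapping updates would likely show up as missed vulnerabilities rather than as a build error; that is an inference, not something the hunk shows. I would add `# SERIALIZED lets parallel builds share the H2 file; an update must not overlap another update` above the property and have the concurrent-update case tested.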
@@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.3.2</version>
|
||||
<version>1.3.3</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-maven</artifactId>
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
# the path to the data directory
|
||||
data.directory=[JAR]/../../dependency-check-data
|
||||
data.directory=[JAR]/../../dependency-check-data/3.0
|
||||
|
||||
@@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved.
|
||||
<parent>
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.3.2</version>
|
||||
<version>1.3.3</version>
|
||||
</parent>
|
||||
|
||||
<artifactId>dependency-check-utils</artifactId>
|
||||
|
||||
2
pom.xml
2
pom.xml
@@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long
|
||||
|
||||
<groupId>org.owasp</groupId>
|
||||
<artifactId>dependency-check-parent</artifactId>
|
||||
<version>1.3.2</version>
|
||||
<version>1.3.3</version>
|
||||
<packaging>pom</packaging>
|
||||
|
||||
<modules>
|
||||
|
||||
@@ -17,7 +17,7 @@ autoUpdate | Sets whether auto-updating of the NVD CVE/CPE data is ena
|
||||
cveValidForHours | Sets the number of hours to wait before checking for new updates from the NVD. | 4
|
||||
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. | 11
|
||||
format | The report format to be generated (HTML, XML, VULN, ALL). | HTML
|
||||
reportsDirName | The location to write the report(s). This directory will be located in the build directory. | reports
|
||||
outputDirectory | The location to write the report(s). This directory will be located in the build directory. | build/reports
|
||||
skipTestGroups | When set to true (the default) all dependency groups that being with 'test' will be skipped. | true
|
||||
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html) |
|
||||
|
||||
@@ -81,7 +81,7 @@ dependencyCheck {
|
||||
### Analyzer Configuration
|
||||
|
||||
In addition to the above, the dependencyCheck plugin can be configured to enable or disable specific
|
||||
analyzers by configuring the `analyzer` section. Note, specific file type analyzers will automatically
|
||||
analyzers by configuring the `analyzers` section. Note, specific file type analyzers will automatically
|
||||
disable themselves if no file types that they support are detected - so specifically disabling the
|
||||
analyzers is likely not needed.
|
||||
|
||||
@@ -109,7 +109,7 @@ pathToMono | The path to Mono for .NET assembly analysis on non-windo
|
||||
#### Example
|
||||
```groovy
|
||||
dependencyCheck {
|
||||
analyzer {
|
||||
analyzers {
|
||||
assemblyEnabled=false
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,6 +12,8 @@ seven days the update will only take a few seconds.
|
||||
|
||||
#set( $H = '#' )
|
||||
|
||||
$H$H Quick Start
|
||||
|
||||
$H$H$H Step 1, Apply dependency-check-gradle plugin
|
||||
Install from Maven central repo
|
||||
|
||||
@@ -25,7 +27,7 @@ buildscript {
|
||||
}
|
||||
}
|
||||
|
||||
apply plugin: 'dependencyCheck'
|
||||
apply plugin: 'org.owasp.dependencycheck'
|
||||
```
|
||||
|
||||
$H$H$H Step 2, Run the dependencyCheck task
|
||||
@@ -36,9 +38,14 @@ Once gradle plugin applied, run following gradle task to check dependencies:
|
||||
gradle dependencyCheck --info
|
||||
```
|
||||
|
||||
The reports will be generated automatically under `buildDir/reports` folder.
|
||||
The reports will be generated automatically under `build/reports` folder.
|
||||
|
||||
|
||||
$H$H Task Configuration
|
||||
The OWASP dependency-check-gradle plugin contains three tasks: [dependencyCheck](configuration.html),
|
||||
[dependencyCheckUpdate](configuration-update.html), and [dependencyCheckPurge](configuration-purge.html).
|
||||
Please see each tasks configuration page for more information.
|
||||
|
||||
Mailing List
|
||||
------------
|
||||
|
||||
|
||||
@@ -74,7 +74,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
</breadcrumbs>
|
||||
|
||||
<menu name="OWASP dependency-check">
|
||||
<item collapse="false" name="General" href="./index.html">
|
||||
<item collapse="true" name="General" href="./index.html">
|
||||
<item name="How it Works" href="./general/internals.html">
|
||||
<description>How does dependency-check work?</description>
|
||||
</item>
|
||||
@@ -156,9 +156,9 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved.
|
||||
</item>
|
||||
<item collapse="true" name="Gradle Plugin" href="./dependency-check-gradle/index.html">
|
||||
<description>Gradle plugin for OWASP dependency-check.</description>
|
||||
<item name="dependencyCheck" href="./dependency-check-gradle/configuration.html" />
|
||||
<item name="dependencyCheckUpdate" href="./dependency-check-gradle/configuration-update.html" />
|
||||
<item name="dependencyCheckPurge" href="./dependency-check-gradle/configuration-purge.html" />
|
||||
<item name="Check Task" href="./dependency-check-gradle/configuration.html" />
|
||||
<item name="Update Task" href="./dependency-check-gradle/configuration-update.html" />
|
||||
<item name="Purge Task" href="./dependency-check-gradle/configuration-purge.html" />
|
||||
</item>
|
||||
<item name="Jenkins Plugin" href="./dependency-check-jenkins/index.html">
|
||||
<description>A Jenkins plugin for OWASP dependency-check.</description>
|
||||
|
||||