The dependency-check-update task downloads and updates the local copy of the NVD. There are several reasons that one may want to use this task; primarily, creating an update that will be run only once a day or once every few days (but not greater then 7 days) and then use the autoUpdate="false" setting on individual dependency-check scans. See Internet Access Required for more information on why this task would be used.
<target name="dependency-check-update" description="Dependency-Check Update">
<dependency-check-update />
</target>
The following properties can be set on the dependency-check task.
| Property | Description | Default Value |
|---|---|---|
| proxyServer | The Proxy Server. | |
| proxyPort | The Proxy Port. | |
| proxyUsername | Defines the proxy user name. | |
| proxyPassword | Defines the proxy password. | |
| connectionTimeout | The URL Connection Timeout. | |
| failOnError | Whether the build should fail if there is an error executing the update | true |
The following properties can be configured in the plugin. However, they are less frequently changed. One exception may be the cvedUrl properties, which can be used to host a mirror of the NVD within an enterprise environment.
| Property | Description | Default Value |
|---|---|---|
| cveUrl12Modified | URL for the modified CVE 1.2. | https://nvd.nist.gov/download/nvdcve-Modified.xml.gz |
| cveUrl20Modified | URL for the modified CVE 2.0. | https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz |
| cveUrl12Base | Base URL for each year’s CVE 1.2, the %d will be replaced with the year. | https://nvd.nist.gov/download/nvdcve-%d.xml.gz |
| cveUrl20Base | Base URL for each year’s CVE 2.0, the %d will be replaced with the year. | https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz |
| dataDirectory | Data directory that is used to store the local copy of the NVD. This should generally not be changed. | data |
| databaseDriverName | The name of the database driver. Example: org.h2.Driver. | |
| databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. | |
| connectionString | The connection string used to connect to the database. | |
| databaseUser | The username used when connecting to the database. | |
| databasePassword | The password used when connecting to the database. |