1   /*
2    * This file is part of dependency-check-maven.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.maven;
19  
20  import java.util.Locale;
21  import org.apache.maven.plugin.MojoExecutionException;
22  import org.apache.maven.plugin.MojoFailureException;
23  import org.apache.maven.plugins.annotations.LifecyclePhase;
24  import org.apache.maven.plugins.annotations.Mojo;
25  import org.apache.maven.plugins.annotations.ResolutionScope;
26  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
27  import org.owasp.dependencycheck.utils.Settings;
28  
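/**
 * Maven goal ({@code update-only}) that updates the local cache of the NVD data from NIST.
 * It does not analyze the project's dependencies and produces no report; the goal requires
 * Maven to be online and does not request dependency resolution.
 *
 * @author Jeremy Long
 */
@Mojo(
        name = "update-only",
        defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
        threadSafe = false,
        requiresDependencyResolution = ResolutionScope.NONE,
        requiresOnline = true
)
public class UpdateMojo extends BaseDependencyCheckMojo {

    /**
     * Returns false; this mojo cannot generate a report.
     *
     * @return <code>false</code>
     */
    @Override
    public boolean canGenerateReport() {
        return false;
    }

    /**
     * Initializes the dependency-check engine and runs its update step only; no dependencies are
     * scanned and no report is written.
     * <p>
     * A {@link DatabaseException} is rethrown as a {@link MojoExecutionException}, so a failed
     * update stops the goal instead of letting it finish silently. The stack trace is written to
     * the Maven log only when debug logging is enabled; the original exception is always attached
     * as the cause.
     * <p>
     * The engine and the settings are released in a {@code finally} block so that they are also
     * cleaned up when the update fails.
     *
     * @throws MojoExecutionException thrown if the local database cannot be opened or updated
     * @throws MojoFailureException declared by the overridden method; not thrown directly by this
     * method's body
     */
    @Override
    public void runCheck() throws MojoExecutionException, MojoFailureException {
        Engine engine = null;
        try {
            engine = initializeEngine();
            engine.update();
        } catch (DatabaseException ex) {
            if (getLog().isDebugEnabled()) {
                getLog().debug("Database connection error", ex);
            }
            throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
        } finally {
            // engine stays null when initializeEngine() itself failed
            if (engine != null) {
                engine.cleanup();
            }
            // NOTE(review): assumes Settings.cleanup() is safe to call after a failed
            // initialization - confirm against Settings
            Settings.cleanup();
        }
    }

    /**
     * Returns the report name.
     *
     * @param locale the locale (ignored; the name is a fixed string)
     * @return the report name
     */
    @Override
    public String getName(Locale locale) {
        return "dependency-check-update";
    }

    /**
     * Gets the description of this goal to be displayed in the Maven Generated Reports page.
     *
     * @param locale the locale to get the description for (ignored; the text is a fixed string)
     * @return the description
     */
    @Override
    public String getDescription(Locale locale) {
        return "Updates the local cache of the NVD data from NIST.";
    }

}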