View Javadoc
1   /*
2    * This file is part of dependency-check-maven.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2013 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.maven;
19  
20  import java.util.Locale;
21  import java.util.logging.Level;
22  import java.util.logging.Logger;
23  import org.apache.maven.artifact.Artifact;
24  import org.apache.maven.plugin.MojoExecutionException;
25  import org.apache.maven.plugin.MojoFailureException;
26  import org.apache.maven.plugins.annotations.LifecyclePhase;
27  import org.apache.maven.plugins.annotations.Mojo;
28  import org.apache.maven.plugins.annotations.ResolutionScope;
29  import org.owasp.dependencycheck.data.nvdcve.DatabaseException;
30  import org.owasp.dependencycheck.utils.Settings;
31  
32  /**
33   * Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
34   *
35   * @author Jeremy Long
36   */
37  @Mojo(
38          name = "update-only",
39          defaultPhase = LifecyclePhase.GENERATE_RESOURCES,
40          threadSafe = true,
41          requiresDependencyResolution = ResolutionScope.NONE,
42          requiresOnline = true
43  )
44  public class UpdateMojo extends BaseDependencyCheckMojo {
45  
46      /**
47       * Logger field reference.
48       */
49      private static final Logger LOGGER = Logger.getLogger(UpdateMojo.class.getName());
50  
51      /**
52       * Returns false; this mojo cannot generate a report.
53       *
54       * @return <code>false</code>
55       */
56      @Override
57      public boolean canGenerateReport() {
58          return false;
59      }
60  
61      /**
62       * Executes the dependency-check engine on the project's dependencies and generates the report.
63       *
64       * @throws MojoExecutionException thrown if there is an exception executing the goal
65       * @throws MojoFailureException thrown if dependency-check is configured to fail the build
66       */
67      @Override
68      public void runCheck() throws MojoExecutionException, MojoFailureException {
69          final Engine engine;
70          try {
71              engine = initializeEngine();
72              engine.update();
73          } catch (DatabaseException ex) {
74              LOGGER.log(Level.FINE, "Database connection error", ex);
75              throw new MojoExecutionException("An exception occured connecting to the local database. Please see the log file for more details.", ex);
76          }
77          engine.cleanup();
78          Settings.cleanup();
79      }
80  
81      /**
82       * Returns the report name.
83       *
84       * @param locale the location
85       * @return the report name
86       */
87      public String getName(Locale locale) {
88          return "dependency-check-update";
89      }
90  
91      /**
92       * Gets the description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
93       *
94       * @param locale The Locale to get the description for
95       * @return the description
96       */
97      public String getDescription(Locale locale) {
98          return "Updates the local cache of the NVD data from NIST.";
99      }
100 
101 }