dependency-check:check
Note: This goal should be used as a Maven report.
Full name:
org.owasp:dependency-check-maven:1.0.2:check
Description:
Maven Plugin that checks project dependencies to see if they have
any known published vulnerabilities.
Attributes:
- Requires a Maven project to be executed.
- Requires dependency resolution of artifacts in scope: runtime+system.
- The goal is thread-safe and supports parallel builds.
- Binds by default to the lifecycle phase: compile.
- Requires that Maven runs in online mode.
Required Parameters
| Name | Type | Since | Description |
|---|---|---|---|
| autoUpdate | boolean | - | Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. Default is true. Default value is: true. User property is: autoupdate. |
| externalReport | boolean | - | Sets whether or not the external report format should be used. Default value is: false. User property is: externalReport. |
| failBuildOnCVSS | float | - | Specifies whether the build should fail if a CVSS score above a specified level is identified. The default is 11; since CVSS scores are 0-10, by default the build will never fail. Default value is: 11. User property is: failBuildOnCVSS. |
| format | String | - | The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no effect if using this within the Site plugin unless externalReport is set to true. Default is HTML. Default value is: HTML. User property is: format. |
| outputDirectory | File | - | The output directory. Default value is: ${project.build.directory}. |
| reportOutputDirectory | File | - | Specifies the destination directory for the generated Dependency-Check report. Default value is: ${project.reporting.outputDirectory}. User property is: reportOutputDirectory. |
Optional Parameters
| Name | Type | Since | Description |
|---|---|---|---|
| connectionTimeout | String | - | The Connection Timeout. User property is: connectionTimeout. |
| description | String | - | The description of the Dependency-Check report to be displayed in the Maven Generated Reports page. Default value is: A report providing details on any published vulnerabilities within project dependencies. This report is a best effort but may contain false positives and false negatives. User property is: description. |
| name | String | - | The name of the report to be displayed in the Maven Generated Reports page. Default value is: Dependency-Check. User property is: name. |
| proxyPort | String | - | The Proxy Port. User property is: proxyPort. |
| proxyUrl | String | - | The Proxy URL. User property is: proxyUrl. |
| reportName | String | - | The name of the site report destination. Default value is: dependency-check-report. User property is: report-name. |
Parameter Details
autoUpdate:
Sets whether auto-updating of the NVD CVE/CPE data is enabled. It
is not recommended that this be turned to false. Default is true.
- Type: boolean
- Required: Yes
- User Property: autoupdate
- Default: true
connectionTimeout:
The Connection Timeout.
- Type: java.lang.String
- Required: No
- User Property: connectionTimeout
description:
The description of the Dependency-Check report to be displayed in
the Maven Generated Reports page.
- Type: java.lang.String
- Required: No
- User Property: description
- Default: A report providing details on any published vulnerabilities within project dependencies. This report is a best effort but may contain false positives and false negatives.
externalReport:
Sets whether or not the external report format should be used.
- Type: boolean
- Required: Yes
- User Property: externalReport
- Default: false
failBuildOnCVSS:
Specifies whether the build should fail if a CVSS score above a
specified level is identified. The default is 11; since CVSS scores
are 0-10, by default the build will never fail.
- Type: float
- Required: Yes
- User Property: failBuildOnCVSS
- Default: 11
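An added example, not part of the plugin's own documentation: a pom.xml fragment that turns the check into a build gate by lowering failBuildOnCVSS from its default of 11. The threshold of 7 and the choice of ALL for format are assumptions made for illustration; the plugin coordinates, goal and parameter names are the ones listed on this page.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>1.0.2</version>
      <configuration>
        <!-- Default is 11. CVSS scores are 0-10, so with the default the
             check reports findings but never fails the build. -->
        <!-- Assumed policy: fail when any dependency has a CVSS score
             above 7. Choose the value your own policy requires. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Keep the NVD CVE/CPE data current; turning this off is not
             recommended because the gate would run on stale data. -->
        <autoUpdate>true</autoUpdate>
        <!-- Assumed choice: emit every report format so both people and
             tooling can read the result. -->
        <format>ALL</format>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- Binds to the compile phase by default. -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Because failBuildOnCVSS is also a user property, the threshold can be overridden for a single run with -DfailBuildOnCVSS=<value> on the Maven command line.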
format:
The report format to be generated (HTML, XML, VULN, ALL). This
configuration option has no effect if using this within the Site
plugin unless externalReport is set to true. Default is HTML.
- Type: java.lang.String
- Required: Yes
- User Property: format
- Default: HTML
name:
The name of the report to be displayed in the Maven Generated
Reports page.
- Type: java.lang.String
- Required: No
- User Property: name
- Default: Dependency-Check
outputDirectory:
The output directory.
- Type: java.io.File
- Required: Yes
- Default: ${project.build.directory}
proxyPort:
The Proxy Port.
- Type: java.lang.String
- Required: No
- User Property: proxyPort
proxyUrl:
The Proxy URL.
- Type: java.lang.String
- Required: No
- User Property: proxyUrl
reportName:
The name of the site report destination.
- Type: java.lang.String
- Required: No
- User Property: report-name
- Default: dependency-check-report
reportOutputDirectory:
Specifies the destination directory for the generated
Dependency-Check report.
- Type: java.io.File
- Required: Yes
- User Property: reportOutputDirectory
- Default: ${project.reporting.outputDirectory}