dependency-check:aggregate

Note: This goal should be used as a Maven report.

Full name:

org.owasp:dependency-check-maven:1.2.9:aggregate

Description:

Maven Plugin that checks project dependencies and the dependencies of all child modules to see if they have any known published vulnerabilities.

Attributes:

  • Requires a Maven project to be executed.
  • Executes as an aggregator plugin.
  • Requires dependency resolution of artifacts in scope: compile+runtime.
  • The goal is thread-safe and supports parallel builds.
  • Binds by default to the lifecycle phase: site.
  • Requires that Maven runs in online mode.

Required Parameters

Name Type Since Description
autoUpdate boolean - Sets whether auto-updating of the NVD CVE/CPE data is enabled. Setting this to false is not recommended. Default is true.
Default value is: true.
User property is: autoupdate.
dataFileName String - Sets whether or not the external report format should be used.
Default value is: dependency-check.ser.
User property is: metaFileName.
failBuildOnCVSS float - Specifies whether the build should fail if a CVSS score above the specified level is identified. The default is 11; because CVSS scores range from 0 to 10, the build never fails by default.
Default value is: 11.
User property is: failBuildOnCVSS.
format String - The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no effect when used within the Site plug-in unless externalReport is set to true. Default is HTML.
Default value is: HTML.
User property is: format.
outputDirectory File - The output directory. This generally maps to "target".
Default value is: ${project.build.directory}.
reportOutputDirectory File - Specifies the destination directory for the generated Dependency-Check report. This generally maps to "target/site".
User property is: project.reporting.outputDirectory.

Optional Parameters

Name Type Since Description
aggregate boolean - Deprecated. Use the aggregate goal instead.
Default value is: false.
User property is: aggregate.
archiveAnalyzerEnabled boolean - Whether or not the Archive Analyzer is enabled.
Default value is: true.
User property is: archiveAnalyzerEnabled.
assemblyAnalyzerEnabled boolean - Whether or not the .NET Assembly Analyzer is enabled.
Default value is: true.
User property is: assemblyAnalyzerEnabled.
centralAnalyzerEnabled boolean - Whether or not the Central Analyzer is enabled.
Default value is: true.
User property is: centralAnalyzerEnabled.
connectionString String - The database connection string.
User property is: connectionString.
connectionTimeout String - The Connection Timeout.
User property is: connectionTimeout.
cveUrl12Base String - Base Data Mirror URL for CVE 1.2.
User property is: cveUrl12Base.
cveUrl12Modified String - Data Mirror URL for CVE 1.2.
User property is: cveUrl12Modified.
cveUrl20Base String - Data Mirror URL for CVE 2.0.
User property is: cveUrl20Base.
cveUrl20Modified String - Data Mirror URL for CVE 2.0.
User property is: cveUrl20Modified.
dataDirectory String - The data directory, which holds the Dependency-Check SQL database.
User property is: dataDirectory.
databaseDriverName String - The database driver name. An example would be org.h2.Driver.
User property is: databaseDriverName.
databaseDriverPath String - The path to the database driver if it is not on the class path.
User property is: databaseDriverPath.
databasePassword String - The password to use when connecting to the database.
User property is: databasePassword.
databaseUser String - The database user name.
User property is: databaseUser.
externalReport String - Deprecated. The internal report is no longer supported.
User property is: externalReport.
jarAnalyzerEnabled boolean - Whether or not the Jar Analyzer is enabled.
Default value is: true.
User property is: jarAnalyzerEnabled.
logFile String - The path to the verbose log.
User property is: logFile.
mavenSettings Settings - The Maven settings.
Default value is: ${settings}.
User property is: mavenSettings.
mavenSettingsProxyId String - The Maven settings proxy ID.
User property is: mavenSettingsProxyId.
nexusAnalyzerEnabled boolean - Whether or not the Nexus Analyzer is enabled.
Default value is: true.
User property is: nexusAnalyzerEnabled.
nexusUrl String - The URL of a Nexus Pro server.
User property is: nexusUrl.
nexusUsesProxy boolean - Whether or not the configured proxy is used to connect to Nexus.
Default value is: true.
User property is: nexusUsesProxy.
nuspecAnalyzerEnabled boolean - Whether or not the .NET Nuspec Analyzer is enabled.
Default value is: true.
User property is: nuspecAnalyzerEnabled.
pathToMono String - The path to Mono for .NET Assembly analysis on non-Windows systems.
User property is: pathToMono.
proxyUrl String - Deprecated. Please use mavenSettings instead.
User property is: proxyUrl.
showSummary boolean - Flag indicating whether or not to show a summary in the output.
Default value is: true.
User property is: showSummary.
skipProvidedScope boolean - Skip Analysis for Provided Scope Dependencies.
Default value is: false.
User property is: skipProvidedScope.
skipRuntimeScope boolean - Skip Analysis for Runtime Scope Dependencies.
Default value is: false.
User property is: skipRuntimeScope.
skipTestScope boolean - Skip Analysis for Test Scope Dependencies.
Default value is: true.
User property is: skipTestScope.
suppressionFile String - The path to the suppression file.
User property is: suppressionFile.
zipExtensions String - A comma-separated list of additional file extensions to analyze alongside jar, zip, ...
User property is: zipExtensions.

Parameter Details

aggregate:

Deprecated. Use the aggregate goal instead.
Generate aggregate reports in multi-module projects.
  • Type: boolean
  • Required: No
  • User Property: aggregate
  • Default: false

archiveAnalyzerEnabled:

Whether or not the Archive Analyzer is enabled.
  • Type: boolean
  • Required: No
  • User Property: archiveAnalyzerEnabled
  • Default: true

assemblyAnalyzerEnabled:

Whether or not the .NET Assembly Analyzer is enabled.
  • Type: boolean
  • Required: No
  • User Property: assemblyAnalyzerEnabled
  • Default: true

autoUpdate:

Sets whether auto-updating of the NVD CVE/CPE data is enabled. Setting this to false is not recommended. Default is true.
  • Type: boolean
  • Required: Yes
  • User Property: autoupdate
  • Default: true

centralAnalyzerEnabled:

Whether or not the Central Analyzer is enabled.
  • Type: boolean
  • Required: No
  • User Property: centralAnalyzerEnabled
  • Default: true

connectionString:

The database connection string.
  • Type: java.lang.String
  • Required: No
  • User Property: connectionString

connectionTimeout:

The Connection Timeout.
  • Type: java.lang.String
  • Required: No
  • User Property: connectionTimeout

cveUrl12Base:

Base Data Mirror URL for CVE 1.2.
  • Type: java.lang.String
  • Required: No
  • User Property: cveUrl12Base

cveUrl12Modified:

Data Mirror URL for CVE 1.2.
  • Type: java.lang.String
  • Required: No
  • User Property: cveUrl12Modified

cveUrl20Base:

Data Mirror URL for CVE 2.0.
  • Type: java.lang.String
  • Required: No
  • User Property: cveUrl20Base

cveUrl20Modified:

Data Mirror URL for CVE 2.0.
  • Type: java.lang.String
  • Required: No
  • User Property: cveUrl20Modified

dataDirectory:

The data directory, which holds the Dependency-Check SQL database.
  • Type: java.lang.String
  • Required: No
  • User Property: dataDirectory

dataFileName:

Sets whether or not the external report format should be used.
  • Type: java.lang.String
  • Required: Yes
  • User Property: metaFileName
  • Default: dependency-check.ser

databaseDriverName:

The database driver name. An example would be org.h2.Driver.
  • Type: java.lang.String
  • Required: No
  • User Property: databaseDriverName

databaseDriverPath:

The path to the database driver if it is not on the class path.
  • Type: java.lang.String
  • Required: No
  • User Property: databaseDriverPath

databasePassword:

The password to use when connecting to the database.
  • Type: java.lang.String
  • Required: No
  • User Property: databasePassword

databaseUser:

The database user name.
  • Type: java.lang.String
  • Required: No
  • User Property: databaseUser

externalReport:

Deprecated. The internal report is no longer supported.
Sets whether or not the external report format should be used.
  • Type: java.lang.String
  • Required: No
  • User Property: externalReport

failBuildOnCVSS:

Specifies whether the build should fail if a CVSS score above the specified level is identified. The default is 11; because CVSS scores range from 0 to 10, the build never fails by default.
  • Type: float
  • Required: Yes
  • User Property: failBuildOnCVSS
  • Default: 11

format:

The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no effect when used within the Site plug-in unless externalReport is set to true. Default is HTML.
  • Type: java.lang.String
  • Required: Yes
  • User Property: format
  • Default: HTML

jarAnalyzerEnabled:

Whether or not the Jar Analyzer is enabled.
  • Type: boolean
  • Required: No
  • User Property: jarAnalyzerEnabled
  • Default: true

logFile:

The path to the verbose log.
  • Type: java.lang.String
  • Required: No
  • User Property: logFile

mavenSettings:

The Maven settings.
  • Type: org.apache.maven.settings.Settings
  • Required: No
  • User Property: mavenSettings
  • Default: ${settings}

mavenSettingsProxyId:

The Maven settings proxy ID.
  • Type: java.lang.String
  • Required: No
  • User Property: mavenSettingsProxyId

nexusAnalyzerEnabled:

Whether or not the Nexus Analyzer is enabled.
  • Type: boolean
  • Required: No
  • User Property: nexusAnalyzerEnabled
  • Default: true

nexusUrl:

The URL of a Nexus Pro server.
  • Type: java.lang.String
  • Required: No
  • User Property: nexusUrl

nexusUsesProxy:

Whether or not the configured proxy is used to connect to Nexus.
  • Type: boolean
  • Required: No
  • User Property: nexusUsesProxy
  • Default: true

nuspecAnalyzerEnabled:

Whether or not the .NET Nuspec Analyzer is enabled.
  • Type: boolean
  • Required: No
  • User Property: nuspecAnalyzerEnabled
  • Default: true

outputDirectory:

The output directory. This generally maps to "target".
  • Type: java.io.File
  • Required: Yes
  • Default: ${project.build.directory}

pathToMono:

The path to Mono for .NET Assembly analysis on non-Windows systems.
  • Type: java.lang.String
  • Required: No
  • User Property: pathToMono

proxyUrl:

Deprecated. Please use mavenSettings instead.
The Proxy URL.
  • Type: java.lang.String
  • Required: No
  • User Property: proxyUrl

reportOutputDirectory:

Specifies the destination directory for the generated Dependency-Check report. This generally maps to "target/site".
  • Type: java.io.File
  • Required: Yes
  • User Property: project.reporting.outputDirectory

showSummary:

Flag indicating whether or not to show a summary in the output.
  • Type: boolean
  • Required: No
  • User Property: showSummary
  • Default: true

skipProvidedScope:

Skip Analysis for Provided Scope Dependencies.
  • Type: boolean
  • Required: No
  • User Property: skipProvidedScope
  • Default: false

skipRuntimeScope:

Skip Analysis for Runtime Scope Dependencies.
  • Type: boolean
  • Required: No
  • User Property: skipRuntimeScope
  • Default: false

skipTestScope:

Skip Analysis for Test Scope Dependencies.
  • Type: boolean
  • Required: No
  • User Property: skipTestScope
  • Default: true

suppressionFile:

The path to the suppression file.
  • Type: java.lang.String
  • Required: No
  • User Property: suppressionFile

zipExtensions:

A comma-separated list of additional file extensions to analyze alongside jar, zip, ...
  • Type: java.lang.String
  • Required: No
  • User Property: zipExtensions
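
Example configuration (added here for illustration, not taken from the plugin's own documentation): a reporting section for the parent POM of a multi-module build that registers the aggregate goal as a Maven report, as the note at the top of this page advises, and lowers failBuildOnCVSS from its never-fail default of 11. The threshold of 7, the suppression file path and the log file path are assumptions chosen for the example.

```xml
<!-- Parent (aggregator) pom.xml fragment. Constructed example. -->
<reporting>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>1.2.9</version>
      <reportSets>
        <reportSet>
          <reports>
            <!-- One report covering this project and all child modules -->
            <report>aggregate</report>
          </reports>
        </reportSet>
      </reportSets>
      <configuration>
        <!-- CVSS scores are 0-10, so the default of 11 can never be
             exceeded. 7 is an assumed threshold for this example. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Keep the NVD CVE/CPE data refresh enabled (the default) -->
        <autoUpdate>true</autoUpdate>
        <!-- Test-scope dependencies are skipped by default;
             false includes them in the analysis -->
        <skipTestScope>false</skipTestScope>
        <!-- Hypothetical path: reviewed false-positive suppressions,
             kept under version control so changes are auditable -->
        <suppressionFile>${basedir}/config/dependency-check-suppressions.xml</suppressionFile>
        <!-- Hypothetical path for the verbose log -->
        <logFile>${project.build.directory}/dependency-check.log</logFile>
      </configuration>
    </plugin>
  </plugins>
</reporting>
```

Because the goal binds to the site phase, running mvn site from the parent project produces the report. If an external database is configured, supply databasePassword through its user property at build time instead of committing it to the POM.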