
dependency-check:check

Note: This goal should be used as a Maven report.

Full name:

org.owasp:dependency-check-maven:1.0.4:check

Description:

Maven Plugin that checks project dependencies to see if they have any known published vulnerabilities.

Attributes:

  • Requires a Maven project to be executed.
  • Requires dependency resolution of artifacts in scope: runtime+system.
  • The goal is thread-safe and supports parallel builds.
  • Binds by default to the lifecycle phase: compile.
  • Requires that Maven runs in online mode.

Required Parameters

Name Type Since Description
autoUpdate boolean - Sets whether auto-updating of the NVD CVE/CPE data is enabled. Setting this to false is not recommended. Default is true.
Default value is: true.
User property is: autoupdate.
externalReport boolean - Sets whether or not the external report format should be used.
Default value is: false.
User property is: externalReport.
failBuildOnCVSS float - Specifies whether the build should fail when a CVSS score above the specified level is identified. The default is 11; because CVSS scores range from 0 to 10, the build never fails by default.
Default value is: 11.
User property is: failBuildOnCVSS.
format String - The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no effect when used within the Site plugin unless externalReport is set to true. Default is HTML.
Default value is: HTML.
User property is: format.
outputDirectory File - The output directory.
Default value is: ${project.build.directory}.
reportOutputDirectory File - Specifies the destination directory for the generated Dependency-Check report.
Default value is: ${project.reporting.outputDirectory}.
User property is: reportOutputDirectory.

Optional Parameters

Name Type Since Description
connectionTimeout String - The Connection Timeout.
User property is: connectionTimeout.
description String - The description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
Default value is: A report providing details on any published vulnerabilities within project dependencies. This report is a best effort but may contain false positives and false negatives.
User property is: description.
logFile String - The path to the verbose log.
User property is: logfile.
name String - The name of the report to be displayed in the Maven Generated Reports page.
Default value is: Dependency-Check.
User property is: name.
proxyPort String - The Proxy Port.
User property is: proxyPort.
proxyUrl String - The Proxy URL.
User property is: proxyUrl.
reportName String - The name of the site report destination.
Default value is: dependency-check-report.
User property is: report-name.

Parameter Details

autoUpdate:

Sets whether auto-updating of the NVD CVE/CPE data is enabled. Setting this to false is not recommended. Default is true.
  • Type: boolean
  • Required: Yes
  • User Property: autoupdate
  • Default: true

connectionTimeout:

The Connection Timeout.
  • Type: java.lang.String
  • Required: No
  • User Property: connectionTimeout

description:

The description of the Dependency-Check report to be displayed in the Maven Generated Reports page.
  • Type: java.lang.String
  • Required: No
  • User Property: description
  • Default: A report providing details on any published vulnerabilities within project dependencies. This report is a best effort but may contain false positives and false negatives.

externalReport:

Sets whether or not the external report format should be used.
  • Type: boolean
  • Required: Yes
  • User Property: externalReport
  • Default: false

failBuildOnCVSS:

Specifies whether the build should fail when a CVSS score above the specified level is identified. The default is 11; because CVSS scores range from 0 to 10, the build never fails by default.
  • Type: float
  • Required: Yes
  • User Property: failBuildOnCVSS
  • Default: 11
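
A pom.xml fragment that turns the default never-fail behaviour into a build gate, shown here as an added example that is not taken from the plugin's own documentation. The threshold of 7 and the execution layout are assumptions; only parameters listed on this page are used.

```xml
<!-- Added example (not from the plugin documentation). -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>1.0.4</version>
      <configuration>
        <!-- Weak setting (the default): 11 is above the 0-10 CVSS range,
             so the build never fails regardless of findings:
             <failBuildOnCVSS>11</failBuildOnCVSS> -->
        <!-- Assumed threshold: fail the build when a dependency has a
             vulnerability with a CVSS score above 7. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Keep the NVD CVE/CPE data current (this is the default). -->
        <autoUpdate>true</autoUpdate>
        <!-- Produce every report format listed for the format parameter. -->
        <format>ALL</format>
      </configuration>
      <executions>
        <execution>
          <!-- The check goal binds to the compile phase by default. -->
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Because the user property is failBuildOnCVSS, the same threshold can be supplied on the command line as -DfailBuildOnCVSS=7 instead of in the pom.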

format:

The report format to be generated (HTML, XML, VULN, ALL). This configuration option has no effect when used within the Site plugin unless externalReport is set to true. Default is HTML.
  • Type: java.lang.String
  • Required: Yes
  • User Property: format
  • Default: HTML

logFile:

The path to the verbose log.
  • Type: java.lang.String
  • Required: No
  • User Property: logfile

name:

The name of the report to be displayed in the Maven Generated Reports page.
  • Type: java.lang.String
  • Required: No
  • User Property: name
  • Default: Dependency-Check

outputDirectory:

The output directory.
  • Type: java.io.File
  • Required: Yes
  • Default: ${project.build.directory}

proxyPort:

The Proxy Port.
  • Type: java.lang.String
  • Required: No
  • User Property: proxyPort

proxyUrl:

The Proxy URL.
  • Type: java.lang.String
  • Required: No
  • User Property: proxyUrl

reportName:

The name of the site report destination.
  • Type: java.lang.String
  • Required: No
  • User Property: report-name
  • Default: dependency-check-report

reportOutputDirectory:

Specifies the destination directory for the generated Dependency-Check report.
  • Type: java.io.File
  • Required: Yes
  • User Property: reportOutputDirectory
  • Default: ${project.reporting.outputDirectory}