mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-13 15:23:40 +01:00
290 lines
13 KiB
HTML
290 lines
13 KiB
HTML
<!DOCTYPE html>
|
|
<!--
|
|
| Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2017-01-22
|
|
| Rendered using Apache Maven Fluido Skin 1.5
|
|
-->
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<meta name="Date-Revision-yyyymmdd" content="20170122" />
|
|
<meta http-equiv="Content-Language" content="en" />
|
|
<title>dependency-check – Internet Access Required</title>
|
|
<link rel="stylesheet" href="../css/apache-maven-fluido-1.5.min.css" />
|
|
<link rel="stylesheet" href="../css/site.css" />
|
|
<link rel="stylesheet" href="../css/print.css" media="print" />
|
|
|
|
|
|
<script type="text/javascript" src="../js/apache-maven-fluido-1.5.min.js"></script>
|
|
|
|
<style type="text/css">
|
|
#bannerLeft { margin-top:-20px;margin-bottom:5px !important }
|
|
</style>
|
|
</head>
|
|
<body class="topBarDisabled">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<a href="https://github.com/jeremylong/DependencyCheck">
|
|
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
|
|
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
|
|
alt="Fork me on GitHub">
|
|
</a>
|
|
|
|
|
|
|
|
|
|
<div class="container-fluid">
|
|
<div id="banner">
|
|
<div class="pull-left">
|
|
<div id="bannerLeft">
|
|
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
|
|
</div>
|
|
</div>
|
|
<div class="pull-right"> </div>
|
|
<div class="clear"><hr/></div>
|
|
</div>
|
|
|
|
<div id="breadcrumbs">
|
|
<ul class="breadcrumb">
|
|
|
|
<li class="">
|
|
<a href="../#" title="">
|
|
</a>
|
|
<span class="divider">/</span>
|
|
</li>
|
|
<li class="active ">Internet Access Required</li>
|
|
|
|
|
|
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2017-01-22</li>
|
|
<li id="projectVersion" class="pull-right">
|
|
Version: 1.4.5
|
|
</li>
|
|
|
|
</ul>
|
|
</div>
|
|
|
|
|
|
<div class="row-fluid">
|
|
<div id="leftColumn" class="span2">
|
|
<div class="well sidebar-nav">
|
|
|
|
<ul class="nav nav-list">
|
|
<li class="nav-header">OWASP dependency-check</li>
|
|
|
|
<li>
|
|
|
|
<a href="../index.html" title="General">
|
|
<span class="icon-chevron-down"></span>
|
|
General</a>
|
|
<ul class="nav nav-list">
|
|
|
|
<li>
|
|
|
|
<a href="../general/internals.html" title="How it Works">
|
|
<span class="none"></span>
|
|
How it Works</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/thereport.html" title="Reading the Report">
|
|
<span class="none"></span>
|
|
Reading the Report</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/suppression.html" title="False Positives">
|
|
<span class="none"></span>
|
|
False Positives</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/hints.html" title="False Negatives">
|
|
<span class="none"></span>
|
|
False Negatives</a>
|
|
</li>
|
|
|
|
<li class="active">
|
|
|
|
<a href="#"><span class="icon-chevron-down"></span>Internet Access Required</a>
|
|
<ul class="nav nav-list">
|
|
|
|
<li>
|
|
|
|
<a href="../data/proxy.html" title="Proxy">
|
|
<span class="none"></span>
|
|
Proxy</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../data/mirrornvd.html" title="Mirroring NVD">
|
|
<span class="none"></span>
|
|
Mirroring NVD</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../data/cachenvd.html" title="Snapshotting the NVD">
|
|
<span class="none"></span>
|
|
Snapshotting the NVD</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../data/database.html" title="Central DB">
|
|
<span class="none"></span>
|
|
Central DB</a>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../related.html" title="Related Work">
|
|
<span class="none"></span>
|
|
Related Work</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/dependency-check.pptx" title="Project Presentation (pptx)">
|
|
<span class="none"></span>
|
|
Project Presentation (pptx)</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/dependency-check.pdf" title="Project Presentation (pdf)">
|
|
<span class="none"></span>
|
|
Project Presentation (pdf)</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/SampleReport.html" title="Sample Report">
|
|
<span class="none"></span>
|
|
Sample Report</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../general/scan_iso.html" title="How to Scan an ISO Image">
|
|
<span class="none"></span>
|
|
How to Scan an ISO Image</a>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../analyzers/index.html" title="File Type Analyzers">
|
|
<span class="icon-chevron-right"></span>
|
|
File Type Analyzers</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../modules.html" title="Modules">
|
|
<span class="icon-chevron-right"></span>
|
|
Modules</a>
|
|
</li>
|
|
<li class="nav-header">Project Documentation</li>
|
|
|
|
<li>
|
|
|
|
<a href="../project-info.html" title="Project Information">
|
|
<span class="icon-chevron-right"></span>
|
|
Project Information</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="../project-reports.html" title="Project Reports">
|
|
<span class="icon-chevron-right"></span>
|
|
Project Reports</a>
|
|
</li>
|
|
</ul>
|
|
|
|
|
|
<hr />
|
|
|
|
<div id="poweredBy">
|
|
|
|
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
|
|
|
|
|
|
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
|
|
|
|
<div class="clear"></div>
|
|
<div class="clear"></div>
|
|
|
|
|
|
|
|
<div id="twitter">
|
|
|
|
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
|
|
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
|
|
|
|
</div>
|
|
<div class="clear"></div>
|
|
<div class="clear"></div>
|
|
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
|
|
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
|
|
</a>
|
|
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
|
|
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
|
|
</a>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div id="bodyColumn" class="span10" >
|
|
|
|
<h1>Internet Access Required</h1>
|
|
<p>There are two reasons dependency-check needs access to the Internet. Below you will find a discussion of each problem and possibly resolutions if you are facing organizational constraints.</p>
|
|
<div class="section">
|
|
<h2><a name="Local_NVD_Database"></a>Local NVD Database</h2>
|
|
<p>OWASP dependency-check maintains a local copy of the NVD CVE data hosted by NIST. By default, a local <a class="externalLink" href="http://www.h2database.com/html/main.html">H2 database</a> instance is used. As each instance maintains its own copy of the NVD the machine will need access to nvd.nist.gov in order to download the NVD data feeds. While the initial download of the NVD data feed is large, if after the initial download the tool is run at least once every seven days only two small XML files containing the recent modifications will need to be downloaded.</p>
|
|
<p>In some installations OpenJDK may not be able to download the NVD CVE data. Please see the <a href="./tlsfailure.html">TLS Failures article</a> for more information.</p>
|
|
<p>If your build servers are using dependency-check and are unable to access the Internet you have a few options:</p>
|
|
|
|
<ol style="list-style-type: decimal">
|
|
|
|
<li>Configure the <a href="proxy.html">proxy settings</a> so that the build server can access the Internet</li>
|
|
|
|
<li><a href="./mirrornvd.html">Mirror the NVD</a> locally within your organization</li>
|
|
|
|
<li>Use a more robust <a href="./database.html">centralized database</a> with a single update node</li>
|
|
</ol></div>
|
|
<div class="section">
|
|
<h2><a name="Downloading_Additional_Information"></a>Downloading Additional Information</h2>
|
|
<p>If the machine that is running dependency-check cannot reach the <a class="externalLink" href="http://search.maven.org">Central Repository</a> the analysis may result in false negatives. This is because some POM files, that are not contained within the JAR file itself, contain evidence that is used to accurately identify a library. If Central cannot be reached, it is highly recommended to setup a Nexus server within your organization and to configure dependency-check to use the local Nexus server. <b>Note</b>, even with a Nexus server setup I have seen dependency-check be re-directed to other repositories on the Internet to download the actual POM file; this happened due to a rare circumstance where the Nexus instance used by dependency-check was not the instance of Nexus used to build the application (i.e. the dependencies were not actually present in the Nexus used by dependency-check).</p></div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<hr/>
|
|
|
|
<footer>
|
|
<div class="container-fluid">
|
|
<div class="row-fluid">
|
|
<p >Copyright © 2012–2017
|
|
<a href="http://www.owasp.org">OWASP</a>.
|
|
All rights reserved.
|
|
</p>
|
|
</div>
|
|
|
|
|
|
</div>
|
|
</footer>
|
|
</body>
|
|
</html>
|