<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7.1 at 2017-01-22
| Rendered using Apache Maven Fluido Skin 1.5
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20170122" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check &#x2013; Tasks</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.5.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script type="text/javascript" src="../js/apache-maven-fluido-1.5.min.js"></script>
<style type="text/css">
#bannerLeft { margin-top:-20px;margin-bottom:5px !important }
</style>
</head>
<body class="topBarDisabled">
<a href="https://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<img src="../images/dc.svg" alt="OWASP dependency-check"/>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Tasks</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2017-01-22</li>
<li id="projectVersion" class="pull-right">
Version: 1.4.5
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span2">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">OWASP dependency-check</li>
<li>
<a href="../index.html" title="General">
<span class="icon-chevron-right"></span>
General</a>
</li>
<li>
<a href="../analyzers/index.html" title="File Type Analyzers">
<span class="icon-chevron-right"></span>
File Type Analyzers</a>
</li>
<li>
<a href="../modules.html" title="Modules">
<span class="icon-chevron-down"></span>
Modules</a>
<ul class="nav nav-list">
<li>
<a href="../dependency-check-cli/index.html" title="CLI">
<span class="none"></span>
CLI</a>
</li>
<li>
<a href="../dependency-check-ant/index.html" title="Ant Task">
<span class="none"></span>
Ant Task</a>
</li>
<li>
<a href="../dependency-check-maven/index.html" title="Maven Plugin">
<span class="none"></span>
Maven Plugin</a>
</li>
<li>
<a href="../dependency-check-gradle/index.html" title="Gradle Plugin">
<span class="icon-chevron-down"></span>
Gradle Plugin</a>
<ul class="nav nav-list">
<li class="active">
<a href="#"><span class="none"></span>Check Task</a>
</li>
<li>
<a href="../dependency-check-gradle/configuration-update.html" title="Update Task">
<span class="none"></span>
Update Task</a>
</li>
<li>
<a href="../dependency-check-gradle/configuration-purge.html" title="Purge Task">
<span class="none"></span>
Purge Task</a>
</li>
</ul>
</li>
<li>
<a href="../dependency-check-jenkins/index.html" title="Jenkins Plugin">
<span class="none"></span>
Jenkins Plugin</a>
</li>
<li>
<a href="../dependency-check-core/index.html" title="Core">
<span class="none"></span>
Core</a>
</li>
<li>
<a href="../dependency-check-utils/index.html" title="Utils">
<span class="none"></span>
Utils</a>
</li>
<li>
<a href="../dependency-check-plugin/index.html" title="Archetype">
<span class="none"></span>
Archetype</a>
</li>
</ul>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="../project-info.html" title="Project Information">
<span class="icon-chevron-right"></span>
Project Information</a>
</li>
<li>
<a href="../project-reports.html" title="Project Reports">
<span class="icon-chevron-right"></span>
Project Reports</a>
</li>
</ul>
<hr />
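<div id="poweredBy">
  <!-- The two widget scripts below are third-party code that runs with this page's
       privileges. They are requested over explicit https: URLs so the scheme never
       follows the page's own. Both are unversioned, so no SRI hash can be pinned. -->
  <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
  <div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall"></div>
  <div class="clear"></div>
  <div class="clear"></div>
  <div id="twitter">
    <a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
    <!-- Injects the Twitter widget loader once, keyed on the "twitter-wjs" element id. -->
    <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
  </div>
  <div class="clear"></div>
  <div class="clear"></div>
  <!-- Logos are loaded over https: so the page has no mixed content when served over HTTPS. -->
  <a href="https://maven.apache.org/" title="Maven" class="builtBy">
    <img class="builtBy" alt="built with maven" src="https://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
  </a>
  <a href="https://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
    <img class="builtBy" alt="developed using" src="https://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170" />
  </a>
</div>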
</div>
</div>
<div id="bodyColumn" class="span10" >
<h1>Tasks</h1>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Task </th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="b">
<td>dependencyCheck </td>
<td>Runs dependency-check against the project and generates a report.</td>
</tr>
<tr class="a">
<td><a href="configuration-update.html">dependencyCheckUpdate</a> </td>
<td>Updates the local cache of the NVD data from NIST.</td>
</tr>
<tr class="b">
<td><a href="configuration-purge.html">dependencyCheckPurge</a> </td>
<td>Deletes the local copy of the NVD. This is used to force a refresh of the data.</td>
</tr>
</tbody>
</table>
<h1>Configuration: dependencyCheck</h1>
<p>The following properties can be configured for the dependencyCheck task:</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Property </th>
<th>Description </th>
<th>Default Value</th>
</tr>
</thead>
<tbody>
<tr class="b">
<td>autoUpdate </td>
<td>Sets whether auto-updating of the NVD CVE/CPE data is enabled. Setting this to false is not recommended, because the check then relies on whatever NVD data is already in the local cache. </td>
<td>true</td>
</tr>
<tr class="a">
<td>cveValidForHours </td>
<td>Sets the number of hours to wait before checking for new updates from the NVD. </td>
<td>4</td>
</tr>
<tr class="b">
<td>failBuildOnCVSS </td>
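<td>Sets the CVSS score threshold for failing the build: the build fails if a vulnerability with a CVSS score above the specified level is identified. The default is 11; since CVSS scores range from 0 to 10, the build never fails by default, so a value within that range must be set for the check to gate the build. </td>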
<td>11</td>
</tr>
<tr class="a">
<td>format </td>
<td>The report format to be generated (HTML, XML, VULN, ALL). </td>
<td>HTML</td>
</tr>
<tr class="b">
<td>outputDirectory </td>
<td>The location to write the report(s). This directory will be located in the build directory. </td>
<td>build/reports</td>
</tr>
<tr class="a">
<td>skipTestGroups </td>
<td>When set to true (the default), all dependency groups that begin with &#x2018;test&#x2019; will be skipped. </td>
<td>true</td>
</tr>
<tr class="b">
<td>suppressionFile </td>
<td>The file path to the XML suppression file - used to suppress <a href="../general/suppression.html">false positives</a> </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>hintsFile </td>
<td>The file path to the XML hints file - used to resolve <a href="../general/hints.html">false negatives</a> </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>skipConfigurations </td>
<td>A list of configurations that will be skipped. This is mutually exclusive with the scanConfigurations property. </td>
<td><tt>[]</tt> which means no configuration is skipped.</td>
</tr>
<tr class="a">
<td>scanConfigurations </td>
<td>A list of configurations that will be scanned, all other configurations are skipped. This is mutually exclusive with the skipConfigurations property. </td>
<td><tt>[]</tt> which implicitly means all configurations get scanned.</td>
</tr>
</tbody>
</table>
<div class="section">
<div class="section">
<div class="section">
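<h4><a name="Example"></a>Example</h4>
<p>This example only illustrates the syntax; the property table above advises against setting autoUpdate to false.</p>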
<div class="source">
<div class="source"><pre class="prettyprint linenums">dependencyCheck {
autoUpdate=false
cveValidForHours=1
format='ALL'
}
</pre></div></div></div></div>
<div class="section">
<h3><a name="Proxy_Configuration"></a>Proxy Configuration</h3>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Property </th>
<th>Description </th>
<th>Default Value</th>
</tr>
</thead>
<tbody>
<tr class="b">
<td>server </td>
<td>The proxy server; see the <a href="../data/proxy.html">proxy configuration</a> page for more information. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>port </td>
<td>The proxy port. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>username </td>
<td>Defines the proxy user name. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>password </td>
<td>Defines the proxy password. Avoid committing the value to version control; supply it from outside the build script. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>connectionTimeout </td>
<td>The URL Connection Timeout. </td>
<td>&#160;</td>
</tr>
</tbody>
</table>
<div class="section">
<h4><a name="Example"></a>Example</h4>
<div class="source">
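<div class="source"><pre class="prettyprint linenums">dependencyCheck {
    proxy {
        // The host name is quoted: unquoted, Groovy parses it as a property lookup, not a string.
        server='some.proxy.server'
        port=8989
    }
}
</pre></div></div></div></div>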
<div class="section">
<h3><a name="Advanced_Configuration"></a>Advanced Configuration</h3>
<p>The following properties can be configured in the dependencyCheck task; however, they are changed less frequently. One exception may be the cve URL properties, which can be used to point at a mirror of the NVD hosted within an enterprise environment. Note: if ANY property in the cve configuration group is set, all of them should be set to ensure things work as expected.</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Config Group </th>
<th>Property </th>
<th>Description </th>
<th>Default Value</th>
</tr>
</thead>
<tbody>
<tr class="b">
<td>cve </td>
<td>url12Modified </td>
<td>URL for the modified CVE 1.2. </td>
<td><a class="externalLink" href="https://nvd.nist.gov/download/nvdcve-Modified.xml.gz">https://nvd.nist.gov/download/nvdcve-Modified.xml.gz</a></td>
</tr>
<tr class="a">
<td>cve </td>
<td>url20Modified </td>
<td>URL for the modified CVE 2.0. </td>
<td><a class="externalLink" href="https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz">https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz</a></td>
</tr>
<tr class="b">
<td>cve </td>
<td>url12Base </td>
<td>Base URL for each year&#x2019;s CVE 1.2, the %d will be replaced with the year. </td>
<td><a class="externalLink" href="https://nvd.nist.gov/download/nvdcve-%d.xml.gz">https://nvd.nist.gov/download/nvdcve-%d.xml.gz</a></td>
</tr>
<tr class="a">
<td>cve </td>
<td>url20Base </td>
<td>Base URL for each year&#x2019;s CVE 2.0, the %d will be replaced with the year. </td>
<td><a class="externalLink" href="https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz">https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml.gz</a></td>
</tr>
<tr class="b">
<td>data </td>
<td>directory </td>
<td>Sets the data directory to hold SQL CVEs contents. This should generally not be changed. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>data </td>
<td>driver </td>
<td>The name of the database driver. Example: org.h2.Driver. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>data </td>
<td>driverPath </td>
<td>The path to the database driver JAR file; only used if the driver is not in the class path. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>data </td>
<td>connectionString </td>
<td>The connection string used to connect to the database. </td>
<td>&#160;</td>
</tr>
<tr class="b">
<td>data </td>
<td>username </td>
<td>The username used when connecting to the database. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>data </td>
<td>password </td>
<td>The password used when connecting to the database. Avoid committing the value to version control; supply it from outside the build script. </td>
<td>&#160;</td>
</tr>
</tbody>
</table>
<div class="section">
<h4><a name="Example"></a>Example</h4>
<div class="source">
<div class="source"><pre class="prettyprint linenums">dependencyCheck {
data {
directory='d:/nvd'
}
}
</pre></div></div></div></div>
<div class="section">
<h3><a name="Analyzer_Configuration"></a>Analyzer Configuration</h3>
<p>In addition to the above, the dependencyCheck plugin can be configured to enable or disable specific analyzers by configuring the <tt>analyzers</tt> section. Note, specific file type analyzers will automatically disable themselves if no file types that they support are detected - so specifically disabling the analyzers is likely not needed.</p>
<table border="0" class="table table-striped">
<thead>
<tr class="a">
<th>Property </th>
<th>Description </th>
<th>Default Value</th>
</tr>
</thead>
<tbody>
<tr class="b">
<td>experimentalEnabled </td>
<td>Sets whether the <a href="../analyzers/index.html">experimental analyzers</a> will be used. If not set to true, the analyzers marked as experimental (see below) will not be used. </td>
<td>false</td>
</tr>
<tr class="a">
<td>archiveEnabled </td>
<td>Sets whether the Archive Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>zipExtensions </td>
<td>A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>jarEnabled </td>
<td>Sets whether Jar Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>centralEnabled </td>
<td>Sets whether Central Analyzer will be used. If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer (see below). </td>
<td>true</td>
</tr>
<tr class="a">
<td>nexusEnabled </td>
<td>Sets whether Nexus Analyzer will be used. This analyzer is superseded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation. </td>
<td>true</td>
</tr>
<tr class="b">
<td>nexusUrl </td>
<td>Defines the Nexus Server&#x2019;s web service end point (example <a class="externalLink" href="http://domain.enterprise/service/local/">http://domain.enterprise/service/local/</a>). If not set the Nexus Analyzer will be disabled. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>nexusUsesProxy </td>
<td>Whether or not the defined proxy should be used when connecting to Nexus. </td>
<td>true</td>
</tr>
<tr class="b">
<td>pyDistributionEnabled </td>
<td>Sets whether the <a href="../analyzers/index.html">experimental</a> Python Distribution Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>pyPackageEnabled </td>
<td>Sets whether the <a href="../analyzers/index.html">experimental</a> Python Package Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>rubygemsEnabled </td>
<td>Sets whether the <a href="../analyzers/index.html">experimental</a> Ruby Gemspec Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>opensslEnabled </td>
<td>Sets whether or not the openssl Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>nuspecEnabled </td>
<td>Sets whether or not the .NET Nuget Nuspec Analyzer will be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>assemblyEnabled </td>
<td>Sets whether or not the .NET Assembly Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>pathToMono </td>
<td>The path to Mono for .NET assembly analysis on non-windows systems. </td>
<td>&#160;</td>
</tr>
<tr class="a">
<td>cmakeEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> CMake Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>autoconfEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> autoconf Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>composerEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> PHP Composer Lock File Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>nodeEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> Node.js Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>cocoapodsEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> Cocoapods Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>swiftEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> Swift Package Manager Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="a">
<td>bundleAuditEnabled </td>
<td>Sets whether or not the <a href="../analyzers/index.html">experimental</a> Ruby Bundle Audit Analyzer should be used. </td>
<td>true</td>
</tr>
<tr class="b">
<td>pathToBundleAudit </td>
<td>The path to bundle audit. </td>
<td>&#160;</td>
</tr>
</tbody>
</table>
<div class="section">
<h4><a name="Example"></a>Example</h4>
<div class="source">
<div class="source"><pre class="prettyprint linenums">dependencyCheck {
analyzers {
assemblyEnabled=false
}
}
</pre></div></div></div></div></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2017
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>