DependencyCheck/dependency-check-maven/usage.html
2013-11-16 13:44:16 -05:00


<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2013-11-16
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20131116" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check-maven - Usage</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:50px !important }</style>
</head>
<body class="topBarDisabled">
<a href="http://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<h2>dependency-check-maven</h2>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="../../../../../../../../../../../../c:/Users/jeremy/Documents/NetBeansProjects/DependencyCheck/target/site/1.0.5/#" title="">
</a>
</li>
<li class="divider ">/</li>
<li class="">
<a href="../index.html" title="dependency-check">
dependency-check</a>
</li>
<li class="divider ">/</li>
<li class=""></li>
<li id="publishDate" class="pull-right">Last Published: 2013-11-16</li> <li class="divider pull-right">|</li>
<li id="projectVersion" class="pull-right">Version: 1.0.5</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Getting Started</li>
<li class="active">
<a href="#"><i class="none"></i>Usage</a>
</li>
<li>
<a href="configuration.html" title="Configuration">
<i class="none"></i>
Configuration</a>
</li>
<li class="nav-header">Project Documentation</li>
<li>
<a href="project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
Project Information</a>
</li>
<li>
<a href="project-reports.html" title="Project Reports">
<i class="icon-chevron-right"></i>
Project Reports</a>
</li>
</ul>
<hr class="divider" />
<div id="poweredBy">
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
<img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span9" >
<h1>Usage</h1>
<p>Dependency-check-maven is simple to use and can be run as a stand-alone plugin or as part of the site plugin.</p>
<p>The first time this task is executed it may take 20 minutes or more, as it downloads and processes the data from the National Vulnerability Database (NVD) hosted by NIST: <a class="externalLink" href="https://nvd.nist.gov">https://nvd.nist.gov</a></p>
<p>After the first batch download, as long as the plugin is executed at least once every seven days, the update will only take a few seconds.</p>
<div class="source">
<pre>&lt;project&gt;
&lt;build&gt;
&lt;plugins&gt;
...
&lt;plugin&gt;
&lt;groupId&gt;org.owasp&lt;/groupId&gt;
&lt;artifactId&gt;dependency-check-maven&lt;/artifactId&gt;
&lt;version&gt;1.0.5&lt;/version&gt;
&lt;configuration&gt;
&lt;failBuildOnCVSS&gt;8&lt;/failBuildOnCVSS&gt;
&lt;/configuration&gt;
&lt;executions&gt;
&lt;execution&gt;
&lt;goals&gt;
&lt;goal&gt;check&lt;/goal&gt;
&lt;/goals&gt;
&lt;/execution&gt;
&lt;/executions&gt;
&lt;/plugin&gt;
...
&lt;/plugins&gt;
...
&lt;/build&gt;
...
&lt;/project&gt;
</pre></div>
<p>Note, the above configuration will fail the build if any dependencies are found to have vulnerabilities with a CVSS score greater than 8. If you do not wish to fail the build for CVSS scores, do not specify the failBuildOnCVSS element.</p>
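<p>Because omitting failBuildOnCVSS silently turns the gate off, a CI job can audit each pom.xml for the settings shown above. The following is an added example, not part of the dependency-check project; the function name <code>audit_pom</code>, the <code>max_threshold</code> policy ceiling and both sample POMs are assumptions constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET

# Constructed sample POM (not from the project): gated as in the snippet above.
GATED_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <build><plugins><plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>1.0.5</version>
    <configuration><failBuildOnCVSS>8</failBuildOnCVSS></configuration>
    <executions><execution><goals><goal>check</goal></goals></execution></executions>
  </plugin></plugins></build>
</project>"""

# Constructed sample POM: plugin declared, but no check goal and no threshold.
UNGATED_POM = """<project>
  <build><plugins><plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
  </plugin></plugins></build>
</project>"""


def audit_pom(pom_xml, max_threshold=8.0):
    """Return a list of findings; an empty list means the build is gated.

    max_threshold is a hypothetical organisation policy ceiling.
    """
    root = ET.fromstring(pom_xml)
    for el in root.iter():  # drop namespaces so POMs with and without xmlns match
        el.tag = el.tag.rsplit("}", 1)[-1]
    for plugin in root.findall("./build/plugins/plugin"):
        ids = (plugin.findtext("groupId"), plugin.findtext("artifactId"))
        if ids == ("org.owasp", "dependency-check-maven"):
            break
    else:
        return ["dependency-check-maven is not declared under build/plugins"]
    findings = []
    goals = [g.text for g in plugin.findall("./executions/execution/goals/goal")]
    if "check" not in goals:
        findings.append("no execution runs the check goal")
    raw = plugin.findtext("./configuration/failBuildOnCVSS")
    try:
        threshold = None if raw is None else float(raw)
    except ValueError:  # e.g. an unresolved Maven property such as ${...}
        return findings + [f"failBuildOnCVSS={raw!r} is not a literal number"]
    # The page states the build fails on scores greater than this value,
    # so a missing or very high value weakens the gate.
    if threshold is None:
        findings.append("failBuildOnCVSS is not set, so findings never fail the build")
    elif threshold > max_threshold:
        findings.append(f"failBuildOnCVSS={raw} exceeds policy ceiling {max_threshold}")
    return findings
```
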
<div class="source">
<pre>&lt;project&gt;
&lt;build&gt;
&lt;plugins&gt;
...
&lt;plugin&gt;
&lt;groupId&gt;org.apache.maven.plugins&lt;/groupId&gt;
&lt;artifactId&gt;maven-site-plugin&lt;/artifactId&gt;
&lt;configuration&gt;
&lt;reportPlugins&gt;
&lt;plugin&gt;
&lt;groupId&gt;org.owasp&lt;/groupId&gt;
&lt;artifactId&gt;dependency-check-maven&lt;/artifactId&gt;
&lt;version&gt;1.0.5&lt;/version&gt;
&lt;configuration&gt;
&lt;externalReport&gt;false&lt;/externalReport&gt;
&lt;/configuration&gt;
&lt;/plugin&gt;
&lt;/reportPlugins&gt;
&lt;/configuration&gt;
&lt;/plugin&gt;
...
&lt;/plugins&gt;
...
&lt;/build&gt;
...
&lt;/project&gt;
</pre></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row span12">Copyright &copy; 2013
<a href="http://www.owasp.org">OWASP</a>.
All Rights Reserved.
</div>
</div>
</footer>
</body>
</html>