<!DOCTYPE html>
|
|
<!--
|
|
| Generated by Apache Maven Doxia at 2014-11-16
|
|
| Rendered using Apache Maven Fluido Skin 1.3.1
|
|
-->
|
|
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
|
<head>
|
|
<meta charset="UTF-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
<meta name="Date-Revision-yyyymmdd" content="20141116" />
|
|
<meta http-equiv="Content-Language" content="en" />
|
|
<title>dependency-check-maven - Usage</title>
|
|
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
|
|
<link rel="stylesheet" href="./css/site.css" />
|
|
<link rel="stylesheet" href="./css/print.css" media="print" />
|
|
|
|
|
|
<script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script>
|
|
|
|
|
|
|
|
<style type="text/css">#bannerLeft { margin-top:50px !important }</style>
|
|
|
|
</head>
|
|
<body class="topBarDisabled">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
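<!-- "Fork me on GitHub" ribbon pinned to the top-right corner of the page.
     The link uses HTTPS so the first request to GitHub is not sent in clear text. -->
<a href="https://github.com/jeremylong/DependencyCheck">
  <img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
       src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
       alt="Fork me on GitHub">
</a>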
|
|
|
|
|
|
|
|
|
|
<div class="container-fluid">
|
|
<div id="banner">
|
|
<div class="pull-left">
|
|
<div id="bannerLeft">
|
|
<h2>dependency-check-maven</h2>
|
|
</div>
|
|
</div>
|
|
<div class="pull-right"> </div>
|
|
<div class="clear"><hr/></div>
|
|
</div>
|
|
|
|
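<!-- Breadcrumb trail: parent project, current page, then publish date and version.
     The generated first crumb had no link text and an href that resolved to the
     build machine's local site directory. It is omitted so the page neither
     exposes that path nor renders an empty, unlabeled link. -->
<div id="breadcrumbs">
  <ul class="breadcrumb">
    <li class="">
      <a href="../index.html" title="dependency-check">dependency-check</a>
      <span class="divider">/</span>
    </li>
    <li class="active ">Usage</li>
    <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-11-16</li>
    <li id="projectVersion" class="pull-right">Version: 1.2.6</li>
  </ul>
</div>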
|
|
|
|
|
|
<div class="row-fluid">
|
|
<div id="leftColumn" class="span3">
|
|
<div class="well sidebar-nav">
|
|
|
|
|
|
<ul class="nav nav-list">
|
|
<li class="nav-header">Getting Started</li>
|
|
|
|
<li class="active">
|
|
|
|
<a href="#"><i class="none"></i>Usage</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="configuration.html" title="Configuration">
|
|
<i class="none"></i>
|
|
Configuration</a>
|
|
</li>
|
|
<li class="nav-header">Project Documentation</li>
|
|
|
|
<li>
|
|
|
|
<a href="project-info.html" title="Project Information">
|
|
<i class="icon-chevron-right"></i>
|
|
Project Information</a>
|
|
</li>
|
|
|
|
<li>
|
|
|
|
<a href="project-reports.html" title="Project Reports">
|
|
<i class="icon-chevron-right"></i>
|
|
Project Reports</a>
|
|
</li>
|
|
</ul>
|
|
|
|
|
|
|
|
<hr />
|
|
|
|
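<div id="poweredBy">
  <!-- Social widgets and "built with" badges shown under the sidebar navigation.
       NOTE(review): plusone.js and widgets.js are third-party scripts that run with
       this page's privileges. They are served unversioned, so an integrity hash
       cannot be pinned reliably; consider removing the widgets from generated
       documentation. All scripts and images here are requested over HTTPS so they
       cannot be altered in transit and do not trigger mixed-content blocking. -->
  <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
  <div class="g-plusone" data-href="http://maven.apache.org" data-size="tall"></div>
  <div class="clear"></div>
  <div class="clear"></div>

  <div id="twitter">
    <a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
    <!-- Loader uses an explicit https: URL instead of a protocol-relative one. -->
    <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
  </div>
  <div class="clear"></div>
  <div class="clear"></div>

  <a href="./" title="Maven" class="builtBy">
    <img class="builtBy" alt="built with maven" src="https://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
  </a>
  <a href="https://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
    <!-- width is a bare pixel count; "170px" is not a valid value for this attribute -->
    <img class="builtBy" alt="developed using" src="https://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170" />
  </a>
  <a href="https://www.cloudbees.com/" title="Cloudbees" class="builtBy">
    <img class="builtBy" alt="built on cloudbees" src="https://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
  </a>
</div>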
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div id="bodyColumn" class="span9" >
|
|
|
|
<h1>Usage</h1>
|
|
<p>Dependency-check-maven is very simple to utilize and can be used as a stand-alone plugin or as part of the site plugin.</p>
|
|
<p>It is important to understand that the first time this task is executed it may take 20 minutes or more as it downloads and processes the data from the National Vulnerability Database (NVD) hosted by NIST: <a class="externalLink" href="https://nvd.nist.gov">https://nvd.nist.gov</a></p>
|
|
<p>After the first batch download, as long as the plugin is executed at least once every seven days the update will only take a few seconds.</p>
|
|
<div class="section">
|
|
<div class="section">
|
|
<h3>Example 1:<a name="Example_1:"></a></h3>
|
|
<p>Create the DependencyCheck-report.html in the target directory</p>
|
|
|
|
<div class="source">
|
|
<pre><project>
|
|
...
|
|
<build>
|
|
...
|
|
<plugins>
|
|
...
|
|
<plugin>
|
|
<groupId>org.owasp</groupId>
|
|
<artifactId>dependency-check-maven</artifactId>
|
|
<version>1.2.6</version>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>check</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
...
|
|
</plugins>
|
|
...
|
|
</build>
|
|
...
|
|
</project>
|
|
</pre></div></div>
|
|
<div class="section">
|
|
<h3>Example 2:<a name="Example_2:"></a></h3>
|
|
<p>Create an aggregated dependency-check report within the site</p>
|
|
|
|
<div class="source">
|
|
<pre><project>
|
|
...
|
|
<reporting>
|
|
...
|
|
<plugins>
|
|
...
|
|
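<plugin>
    <!-- A single <plugin> element: the POM schema does not allow a <plugin>
         nested directly inside another <plugin>. -->
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>1.2.6</version>
    <configuration>
        <aggregate>true</aggregate>
    </configuration>
    <reportSets>
        <reportSet>
            <reports>
                <report>check</report>
            </reports>
        </reportSet>
    </reportSets>
</plugin>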
|
|
...
|
|
</plugins>
|
|
...
|
|
</reporting>
|
|
...
|
|
</project>
|
|
</pre></div></div>
|
|
<div class="section">
|
|
<h3>Example 3:<a name="Example_3:"></a></h3>
|
|
<p>Create the DependencyCheck-report.html and fail the build for CVSS greater than 8</p>
|
|
|
|
<div class="source">
|
|
<pre><project>
|
|
...
|
|
<build>
|
|
...
|
|
<plugins>
|
|
...
|
|
<plugin>
|
|
<groupId>org.owasp</groupId>
|
|
<artifactId>dependency-check-maven</artifactId>
|
|
<version>1.2.6</version>
|
|
<configuration>
|
|
<failBuildOnCVSS>8</failBuildOnCVSS>
|
|
</configuration>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>check</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
...
|
|
</plugins>
|
|
...
|
|
</build>
|
|
...
|
|
</project>
|
|
</pre></div></div>
|
|
<div class="section">
|
|
<h3>Example 4:<a name="Example_4:"></a></h3>
|
|
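<p>Create the DependencyCheck-report.html and skip artifacts not bundled in distribution (Provided and Runtime scope). Skipped artifacts are not analyzed, so vulnerabilities in them are not reported; Maven runtime-scope dependencies are usually packaged with the application, so confirm they really are absent from the distribution before skipping them.</p>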
|
|
|
|
<div class="source">
|
|
<pre><project>
|
|
...
|
|
<build>
|
|
...
|
|
<plugins>
|
|
...
|
|
<plugin>
|
|
<groupId>org.owasp</groupId>
|
|
<artifactId>dependency-check-maven</artifactId>
|
|
<version>1.2.6</version>
|
|
<configuration>
|
|
<skipProvidedScope>true</skipProvidedScope>
|
|
<skipRuntimeScope>true</skipRuntimeScope>
|
|
</configuration>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>check</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
...
|
|
</plugins>
|
|
...
|
|
</build>
|
|
...
|
|
</project>
|
|
</pre></div></div>
|
|
<div class="section">
|
|
<h3>Example 5:<a name="Example_5:"></a></h3>
|
|
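<p>Create the DependencyCheck-report.html and use internal mirroring of CVE contents. The mirror URLs in this example use plain HTTP; because the scan results depend on the integrity of this data, serve the mirror over HTTPS where possible.</p>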
|
|
|
|
<div class="source">
|
|
<pre><project>
|
|
...
|
|
<build>
|
|
...
|
|
<plugins>
|
|
...
|
|
<plugin>
|
|
<groupId>org.owasp</groupId>
|
|
<artifactId>dependency-check-maven</artifactId>
|
|
<version>1.2.6</version>
|
|
<configuration>
|
|
<cveUrl12Modified>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-modified.xml</cveUrl12Modified>
|
|
<cveUrl20Modified>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-2.0-modified.xml</cveUrl20Modified>
|
|
<cveUrl12Base>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-%d.xml</cveUrl12Base>
|
|
<cveUrl20Base>http://internal-mirror.mycorp.com/downloads/nist/nvdcve-2.0-%d.xml</cveUrl20Base>
|
|
</configuration>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>check</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
...
|
|
</plugins>
|
|
...
|
|
</build>
|
|
...
|
|
</project>
|
|
</pre></div></div></div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<hr/>
|
|
|
|
<footer>
|
|
<div class="container-fluid">
|
|
<div class="row-fluid">
|
|
<p >Copyright © 2013–2014
|
|
<a href="http://www.owasp.org">OWASP</a>.
|
|
All rights reserved.
|
|
|
|
</p>
|
|
</div>
|
|
|
|
|
|
|
|
</div>
|
|
</footer>
|
|
</body>
|
|
</html>
|