github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9fb3ffbd33d5be4a2c12e3583b65e8ea874e8388
DependencyCheck/nexus-analyzer.html
Jeremy Long ab20a44a32 version 1.2.6 of the site documentation
2014-11-16 12:25:43 -05:00

324 lines
13 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia at 2014-11-16
| Rendered using Apache Maven Fluido Skin 1.3.1
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Revision-yyyymmdd" content="20141116" />
<meta http-equiv="Content-Language" content="en" />
<title>dependency-check - Nexus Analyzer</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script>
<style type="text/css">#bannerLeft { margin-top:50px !important }</style>
</head>
<body class="topBarDisabled">
<a href="http://github.com/jeremylong/DependencyCheck">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<div id="banner">
<div class="pull-left">
<div id="bannerLeft">
<h2>dependency-check</h2>
</div>
</div>
<div class="pull-right"> </div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class="">
<a href="#" title="">
</a>
<span class="divider">/</span>
</li>
<li class="active ">Nexus Analyzer</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2014-11-16</li>
<li id="projectVersion" class="pull-right">
Version: 1.2.6
</li>
</ul>
</div>
<div class="row-fluid">
<div id="leftColumn" class="span3">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Project Documentation</li>
<li>
<a href="project-info.html" title="Project Information">
<i class="icon-chevron-right"></i>
Project Information</a>
</li>
<li class="nav-header">General</li>
<li>
<a href="internals.html" title="How it Works">
<i class="none"></i>
How it Works</a>
</li>
<li>
<a href="thereport.html" title="Reading the Report">
<i class="none"></i>
Reading the Report</a>
</li>
<li>
<a href="suppression.html" title="False Positives">
<i class="none"></i>
False Positives</a>
</li>
<li>
<a href="dependency-check.pptx" title="Project Presentation (pptx)">
<i class="none"></i>
Project Presentation (pptx)</a>
</li>
<li>
<a href="dependency-check.pdf" title="Project Presentation (pdf)">
<i class="none"></i>
Project Presentation (pdf)</a>
</li>
<li>
<a href="SampleReport.html" title="Sample Report">
<i class="none"></i>
Sample Report</a>
</li>
<li class="nav-header">File Type Analyzers</li>
<li>
<a href="archive-analyzer.html" title="Archive Analyzer">
<i class="none"></i>
Archive Analyzer</a>
</li>
<li>
<a href="jar-analyzer.html" title="Jar Analyzer">
<i class="none"></i>
Jar Analyzer</a>
</li>
<li class="active">
<a href="#"><i class="none"></i>Nexus Analyzer</a>
</li>
<li>
<a href="assembly-analyzer.html" title="Assembly Analyzer">
<i class="none"></i>
Assembly Analyzer</a>
</li>
<li>
<a href="nuspec-analyzer.html" title="Nuspec Analyzer">
<i class="none"></i>
Nuspec Analyzer</a>
</li>
<li class="nav-header">Modules</li>
<li>
<a href="dependency-check-cli/installation.html" title="dependency-check-cli">
<i class="none"></i>
dependency-check-cli</a>
</li>
<li>
<a href="dependency-check-ant/installation.html" title="dependency-check-ant">
<i class="none"></i>
dependency-check-ant</a>
</li>
<li>
<a href="dependency-check-maven/usage.html" title="dependency-check-maven">
<i class="none"></i>
dependency-check-maven</a>
</li>
<li>
<a href="dependency-check-jenkins/index.html" title="dependency-check-jenkins">
<i class="none"></i>
dependency-check-jenkins</a>
</li>
<li>
<a href="dependency-check-core/index.html" title="dependency-check-core">
<i class="none"></i>
dependency-check-core</a>
</li>
<li>
<a href="dependency-check-utils/index.html" title="dependency-check-utils">
<i class="none"></i>
dependency-check-utils</a>
</li>
</ul>
<hr />
<div id="poweredBy">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
<div class="g-plusone" data-href="https://github.com/jeremylong/DependencyCheck.git" data-size="tall" ></div>
<div class="clear"></div>
<div class="clear"></div>
<div id="twitter">
<a href="https://twitter.com/ctxt" class="twitter-follow-button" data-show-count="true" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow ctxt</a>
<script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Maven" class="builtBy">
<img class="builtBy" alt="built with maven" src="http://jeremylong.github.io/DependencyCheck/images/logos/maven-feather.png" />
</a>
<a href="http://www.jetbrains.com/idea/" title="IntelliJ" class="builtBy">
<img class="builtBy" alt="developed using" src="http://jeremylong.github.io/DependencyCheck/images/logos/logo_intellij_idea.png" width="170px" />
</a>
<a href="http://www.cloudbees.com/" title="Cloudbees" class="builtBy">
<img class="builtBy" alt="built on cloudbees" src="http://jeremylong.github.io/DependencyCheck/images/logos/Button-Built-on-CB-1.png" />
</a>
</div>
</div>
</div>
<div id="bodyColumn" class="span9" >
<h1>Nexus Analyzer</h1>
<p>Dependency-check includes an analyzer that will check for the Maven GAV (Group/Artifact/Version) information for artifacts in the scanned area. By default the information comes from <a class="externalLink" href="http://search.maven.org/" title="Maven Central">Maven Central</a>, but can be configured to use a local repository if necessary. If the artifact&#x2019;s hash is found in the configured Nexus repository, its GAV is recorded as an Identifier and the Group is collected as Vendor evidence, the Artifact is collected as Product evidence, and the Version is collected as Version evidence.</p>
<div class="section">
<h2>Default Configuration<a name="Default_Configuration"></a></h2>
<p>By default, the Nexus analyzer uses the <a class="externalLink" href="https://repository.sonatype.org/" title="Sonatype Nexus Repository">Sonatype Nexus Repository</a> to search for SHA-1 hashes of dependencies. If the proxy is configured for Dependency Check, that proxy is used in order to connect to the Nexus Central repository. So if you&#x2019;re using <tt>--proxyurl</tt> on the command-line, the <tt>proxyUrl</tt> setting in the Maven plugin, or the <tt>proxyUrl</tt> attribute in the Ant task, that proxy will be used by default. Also, the proxy port, user, and password configured globally are used as well.</p></div>
<div class="section">
<h2>Overriding Defaults<a name="Overriding_Defaults"></a></h2>
<p>If you have an internal Nexus repository you want to use, Dependency Check can be configured to use this repository rather than Sonatype. This needs to be a Nexus repository (support for Artifactory is planned). For a normal installation of Nexus, you would append <tt>/service/local/</tt> to the root of the URL to your Nexus repository. This URL can be set as:</p>
<ul>
<li><tt>analyzer.nexus.url</tt> in <tt>dependencycheck.properties</tt></li>
<li><tt>--nexus &lt;url&gt;</tt> in the CLI</li>
<li>The <tt>nexusUrl</tt> property in the Maven plugin</li>
<li>The <tt>nexusUrl</tt> attribute in the Ant task</li>
</ul>
<p>If this repository is internal and should not use the proxy, you can disable the proxy for just the Nexus analyzer. Setting this makes no difference if a proxy is not configured.</p>
<ul>
<li><tt>analyzer.nexus.proxy=false</tt> in <tt>dependencycheck.properties</tt></li>
<li><tt>--nexusUsesProxy false</tt> in the CLI</li>
<li>The <tt>nexusUsesProxy</tt> property in the Maven plugin</li>
<li>The <tt>nexusUsesProxy</tt> attribute in the Ant task</li>
</ul>
<p>Finally, the Nexus analyzer can be disabled altogether.</p>
<ul>
<li><tt>analyzer.nexus.enabled=false</tt> in <tt>dependencycheck.properties</tt></li>
<li><tt>--disableNexus</tt> in the CLI</li>
<li><tt>nexusAnalyzerEnabled</tt> property in the Maven plugin</li>
<li><tt>nexusAnalyzerEnabled</tt> attribute in the Ant task</li>
</ul></div>
<div class="section">
<h2>Logging<a name="Logging"></a></h2>
<p>You may see a log message similar to the following during analysis:</p>
<div class="source">
<pre>Mar 31, 2014 9:15:12 AM org.owasp.dependencycheck.analyzer.NexusAnalyzer initializeFileTypeAnalyzer
WARNING: There was an issue getting Nexus status. Disabling analyzer.
</pre></div>
<p>At the beginning of analysis, a check is made by the Nexus analyzer to see if it is able to reach the configured Nexus service, and if it cannot be reached, the analyzer will be disabled. If you see this message, you can use the configuration settings described above to resolve the issue, or disable the analyzer altogether.</p></div>
</div>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<p >Copyright &copy; 2012&#x2013;2014
<a href="http://www.owasp.org">OWASP</a>.
All rights reserved.
</p>
</div>
</div>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink