# This configuration file is intended for development mode. If you want an example configuration for production, look at /production.conf-example # # # ~~~~~ # Secret key # ~~~~~ # The secret key is used to secure cryptographics functions. # # This must be changed for production, but we recommend not changing it in this file. # # See https://www.playframework.com/documentation/latest/ApplicationSecret for more details. play.crypto.secret = "changeme" # The application languages # ~~~~~ play.i18n.langs = [ "en" ] app{ host = "localhost" # You have to configure the host there. If you don't do so, all accesses via host will be prohibited. This is a protection against DNS rebind attacks. secure = false # Use true iff you use HTTPS # brand = "Your brand" # optional # vulnerableLibraryAdvice = "If in doubt, contact our security team." # optional } yssdc{ # Anyone who knows the cron key can start periodic tasks cronKey="{{ lookup('cron_token', 'play_secret length=64') }}" bamboo{ url = … } reports { provider = "bamboo" bamboo{ user = … password = … } } export{ # Optional section: export to issue tracker issueTracker{ provider: "jira" server: "http://…" projectId = 10000 vulnerabilityIssueType = 10100 authentication { type = "credentials" user = "…" password = "…" } newProjectAddedTransitionName: "Add new project" noRelevantProjectAffectedTransitionName: "No longer applicable" ticketFormatVersion: 1 // Increment this when you reconfigure the export format. In a future version, it should cause update of the issues. fields: { cweId: "customfield_10100" linkId: "customfield_10103" severityId: "customfield_10101" projectsId: "customfield_10200" teamsId: "customfield_10105" librariesId: "customfield_10110" constantFields: { "customfield_10102": {"id": "10100"} } } } # Optional section: email notifications email{ from = "info@example.com" noSubscriberContact = "foobar@example.com" //optional: type = "digest" or type="vulnerabilities" (default); Digest is WIP. } } logSmells { // An example of analysis of logs. This one if for Maven and requires -X to be used for Maven scans. //centralLookup { // patternType = "regex" // pattern = "Searching Central url http(s?)://search\\.maven\\.org" // message = "Maven Central lookup used. Enable usage of local repository, please." //} } projects = {jobId:humanReadableName, …} teams = […] exclusions{ missingGAV{ bySha1 = [] } } projectsToTeams = { … } teamLeaders = { # all teams used here must be listed above team: leader, … } } # Router # ~~~~~ # Define the Router object to use for this application. # This router will be looked up first when the application is starting up, # so make sure this is the entry point. # Furthermore, it's assumed your route file is named properly. # So for an application router like `my.application.Router`, # you may need to define a router file `conf/my.application.routes`. # Default to Routes in the root package (and conf/routes) # play.http.router = my.application.Routes # Database configuration # ~~~~~ # You can declare as many datasources as you want. # By convention, the default datasource is named `default` # slick.dbs.default { # Connection to internal database. It must be PostgreSQL. driver = "slick.driver.PostgresDriver$" db{ url = "jdbc:postgresql://localhost/odca" user = … password = … } } slick.dbs.odc { # Connection to ODC database. It should be MySQL/MariaDB. H2 DB is not supported. PostgreSQL might work if you get ODC working with it, Other databases might be supported in future. driver = "slick.driver.MySQLDriver$" db { url = "jdbc:mysql://127.0.0.1/dependencycheck" # These credentials are default in ODC (but you might have changed them): user = "dcuser" password = "DC-Pass1337!" } } # Evolutions # ~~~~~ # You can disable evolutions if needed # play.evolutions.enabled=false # You can disable evolutions for a specific datasource if necessary # play.evolutions.db.default.enabled=false # If you want a persistent cache for development (it should speed up reload cycles), you might want to uncomment and adjust the following lines: #play.modules.disabled+="play.api.cache.EhCacheModule" #play.cache.path = "/home/user/.cache/odc-analysis" ## [Optional] Path to OWASP Dependency Check ## Once you configure it, you enable some checking features. You also need Maven on PATH. ## (!) Note that some properties like DB credentials might be passed as arguments and thus available via /proc (depends on OS). ## (i) You will also need to configure contexts.odc-workers for this functionality. # odc { # odcPath = "/path/to/dependency-check-X.Y.Z-release" # workingDirectory = "/path/to/odc/config" # [optional] directory ODC works in; you can use relative paths from this directory # propertyFile = "odc.props" # [optional] path to ODC property file # dotNetNugetSource = "https://path/to/your/nuget/proxy" # [optional] # extraArgs = [] # [optional] Unstable conf; This might be changed or removed without any notice!!! # cleanTmpDir = true # [optional] Keep temporary directory content for debugging # useDotNetCore = true # [optional] Use .NET Core for library scanning. You need dotnet executable on $PATH. This is currently useful for scanning of transitive dependencies. # } silhouette { # Authenticator settings authenticator.cookieName = "authenticator" authenticator.cookiePath = "/" authenticator.secureCookie=false # is ignored; overriden in app/controllers/AuthController.scala; But it must be present! authenticator.httpOnlyCookie = true authenticator.useFingerprinting = true authenticator.authenticatorIdleTimeout = 12 hours authenticator.authenticatorExpiry = 12 hours authenticator.rememberMe.cookieMaxAge = 30 days authenticator.rememberMe.authenticatorIdleTimeout = 5 days authenticator.rememberMe.authenticatorExpiry = 30 days credentialsVerificationService{ type="allow-all" # accepts any credentials; allowed in dev mode only #type="external" # verifies credentials at the URL specified below #url="http://localhost:9050/" } } play{ # needed if you want this app to send emails mailer{ mock = true # If mock is true, mails are not actually sent, but just logged. // host = "…" } } #contexts { # odc-workers { # fork-join-executor { # parallelism-max = 2 # } # } #}