odc-analyzer/conf/application.conf.-example


# This configuration file is intended for development mode. If you want an example configuration for production, look at /production.conf-example
#
#
# ~~~~~
# Secret key
# ~~~~~
# The secret key is used to secure cryptographic functions.
#
# This must be changed for production: use a long random value and supply it outside this file (e.g. in the production override configuration) rather than editing it here. Any value committed in this file should be treated as public.
#
# See https://www.playframework.com/documentation/latest/ApplicationSecret for more details.
play.crypto.secret = "changeme"
# The application languages
# ~~~~~
play.i18n.langs = [ "en" ]
app{
host = "localhost" # Configure the host name the application is served under. Requests addressed to any other host name are rejected; this is a protection against DNS rebinding attacks.
secure = false # Use true iff the application is served over HTTPS; leave false only for local development.
# brand = "Your brand" # optional
# vulnerableLibraryAdvice = "If in doubt, contact our security team." # optional
}
yssdc{
# Anyone who knows the cron key can trigger the periodic tasks. Treat it like a password: use a long random value and do not commit the real one.
cronKey="{{ lookup('cron_token', 'play_secret length=64') }}"
bamboo{
url = …
}
reports {
provider = "bamboo"
bamboo{
user = …
password = …
}
}
export{
# Optional section: export to issue tracker. The credentials below are sent to this server, so prefer an https:// URL.
issueTracker{
provider: "jira"
server: "http://…"
projectId = 10000
vulnerabilityIssueType = 10100
authentication {
type = "credentials"
user = "…"
password = "…"
}
newProjectAddedTransitionName: "Add new project"
noRelevantProjectAffectedTransitionName: "No longer applicable"
ticketFormatVersion: 1 // Increment this when you reconfigure the export format. In a future version, incrementing it should trigger an update of the existing issues.
fields: {
cweId: "customfield_10100"
linkId: "customfield_10103"
severityId: "customfield_10101"
projectsId: "customfield_10200"
teamsId: "customfield_10105"
librariesId: "customfield_10110"
constantFields: {
"customfield_10102": {"id": "10100"}
}
}
}
# Optional section: email notifications
email{
from = "info@example.com"
noSubscriberContact = "foobar@example.com"
// optional: type = "digest" or type = "vulnerabilities" (default); digest mode is work in progress.
}
}
logSmells {
// An example of log analysis. This one is for Maven and requires -X to be used for Maven scans.
//centralLookup {
// patternType = "regex"
// pattern = "Searching Central url http(s?)://search\\.maven\\.org"
// message = "Maven Central lookup used. Enable usage of local repository, please."
//}
}
projects = {jobId:humanReadableName, …}
teams = […]
exclusions{
missingGAV{
bySha1 = []
}
}
projectsToTeams = {
}
teamLeaders = { # all teams used here must be listed above
team: leader,
}
}
# Router
# ~~~~~
# Define the Router object to use for this application.
# This router will be looked up first when the application is starting up,
# so make sure this is the entry point.
# Furthermore, it's assumed your route file is named properly.
# So for an application router like `my.application.Router`,
# you may need to define a router file `conf/my.application.routes`.
# Default to Routes in the root package (and conf/routes)
# play.http.router = my.application.Routes
# Database configuration
# ~~~~~
# You can declare as many datasources as you want.
# By convention, the default datasource is named `default`
#
slick.dbs.default {
# Connection to internal database. It must be PostgreSQL.
driver = "slick.driver.PostgresDriver$"
db{
url = "jdbc:postgresql://localhost/odca"
user = …
password = …
}
}
slick.dbs.odc {
# Connection to the ODC database. It should be MySQL/MariaDB. H2 DB is not supported. PostgreSQL might work if you get ODC working with it. Other databases might be supported in the future.
driver = "slick.driver.MySQLDriver$"
db {
url = "jdbc:mysql://127.0.0.1/dependencycheck"
# These are the default ODC credentials (you might have changed them). They are publicly known, so do not use them for a database reachable from anywhere but localhost:
user = "dcuser"
password = "DC-Pass1337!"
}
}
# Evolutions
# ~~~~~
# You can disable evolutions if needed
# play.evolutions.enabled=false
# You can disable evolutions for a specific datasource if necessary
# play.evolutions.db.default.enabled=false
# If you want a persistent cache for development (it should speed up reload cycles), you might want to uncomment and adjust the following lines:
#play.modules.disabled+="play.api.cache.EhCacheModule"
#play.cache.path = "/home/user/.cache/odc-analysis"
## [Optional] Path to OWASP Dependency Check
## Once you configure it, you enable some checking features. You also need Maven on PATH.
## (!) Note that some properties like DB credentials might be passed to ODC as command-line arguments and thus be visible to other local users via the process list (e.g. /proc on Linux; depends on OS).
## (i) You will also need to configure contexts.odc-workers for this functionality.
# odc {
# odcPath = "/path/to/dependency-check-X.Y.Z-release"
# workingDirectory = "/path/to/odc/config" # [optional] directory ODC works in; you can use relative paths from this directory
# propertyFile = "odc.props" # [optional] path to ODC property file
# dotNetNugetSource = "https://path/to/your/nuget/proxy" # [optional]
# extraArgs = [] # [optional] Unstable option; it might be changed or removed without notice.
# cleanTmpDir = true # [optional] Controls whether the temporary directory is cleaned up after a scan; set to false to keep its content for debugging
# useDotNetCore = true # [optional] Use .NET Core for library scanning. You need dotnet executable on $PATH. This is currently useful for scanning of transitive dependencies.
# }
silhouette {
# Authenticator settings
authenticator.cookieName = "authenticator"
authenticator.cookiePath = "/"
authenticator.secureCookie=false # value is ignored (overridden in app/controllers/AuthController.scala), but the key must be present!
authenticator.httpOnlyCookie = true
authenticator.useFingerprinting = true
authenticator.authenticatorIdleTimeout = 12 hours
authenticator.authenticatorExpiry = 12 hours
authenticator.rememberMe.cookieMaxAge = 30 days
authenticator.rememberMe.authenticatorIdleTimeout = 5 days
authenticator.rememberMe.authenticatorExpiry = 30 days
credentialsVerificationService{
type="allow-all" # accepts ANY credentials without checking them; for development only — never deploy with this, use "external" instead
#type="external" # verifies credentials at the URL specified below (the credentials are sent to that service, so use https:// unless it runs on localhost)
#url="http://localhost:9050/"
}
}
play{
# needed if you want this app to send emails
mailer{
mock = true # If mock is true, mails are not actually sent, but just logged.
// host = "…"
}
}
#contexts {
# odc-workers {
# fork-join-executor {
# parallelism-max = 2
# }
# }
#}