github-mirrors/odc-devaudit-dotnet
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-devaudit-dotnet.git synced 2026-01-11 14:30:50 +01:00
Code Issues 1 Packages Projects Releases Wiki Activity

README update

Browse Source
This commit is contained in:
Šesták Vít
2020-01-31 22:23:25 +01:00
parent 05b1e8caa4
commit cfe36c05a8
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@@ -1,6 +1,6 @@
Adds DevAudit scan to OWASP Dependency Check. It is an ODC plugin.
# OWASP Dependency Check plugin for DevAudit
The plugin relies on index provided by nuget-indexer . The index is stored in ODC vulnerability database, so there is no need for extra configuration.
The plugin relies on index provided by [nuget-repository-indexer](https://github.com/ysoftdevs/nuget-repository-indexer) . The index is stored in database.
Config properties:
@@ -8,3 +8,6 @@ Config properties:
* com.ysoft.dotnetEnhancer.vulnerabilityMode CVE_ONLY uses description from NVD and ignores vulnerabilities without CVE; CVE_PREFERRED prefers description from NVD, but allows some best-effort output if CVE is not available; PURE_DA always uses data from DevAudit.
* com.ysoft.dotnetEnhancer.devAuditPath Path to DevAudit folder. On Linux, it is expected that devaudit.exe is executable and binfmt is configured for running .NET binaries.
* com.ysoft.dotnetEnhancer.strictSearch Raises exception instead of warning if a .NET library could not be found in index.
* com.ysoft.dotnetEnhancer.db.connectionString JDBC URL for connection to the nuget-repository-indexer database
* com.ysoft.dotnetEnhancer.db.userName username for DB specified in com.ysoft.dotnetEnhancer.db.connectionString
* com.ysoft.dotnetEnhancer.db.password password for DB specified in com.ysoft.dotnetEnhancer.db.connectionString