From cfe36c05a8aa289c13d1938f3fc31b6318c24f47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=A0est=C3=A1k=20V=C3=ADt?= Date: Fri, 31 Jan 2020 22:23:25 +0100 Subject: [PATCH] README update --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eadff72..7f329ca 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -Adds DevAudit scan to OWASP Dependency Check. It is an ODC plugin. +# OWASP Dependency Check plugin for DevAudit -The plugin relies on index provided by nuget-indexer . The index is stored in ODC vulnerability database, so there is no need for extra configuration. +The plugin relies on index provided by [nuget-repository-indexer](https://github.com/ysoftdevs/nuget-repository-indexer) . The index is stored in database. Config properties: @@ -8,3 +8,6 @@ Config properties: * com.ysoft.dotnetEnhancer.vulnerabilityMode – CVE_ONLY uses description from NVD and ignores vulnerabilities without CVE; CVE_PREFERRED prefers description from NVD, but allows some best-effort output if CVE is not available; PURE_DA always uses data from DevAudit. * com.ysoft.dotnetEnhancer.devAuditPath – Path to DevAudit folder. On Linux, it is expected that devaudit.exe is executable and binfmt is configured for running .NET binaries. * com.ysoft.dotnetEnhancer.strictSearch – Raises exception instead of warning if a .NET library could not be found in index. +* com.ysoft.dotnetEnhancer.db.connectionString – JDBC URL for connection to the nuget-repository-indexer database +* com.ysoft.dotnetEnhancer.db.userName – username for DB specified in com.ysoft.dotnetEnhancer.db.connectionString +* com.ysoft.dotnetEnhancer.db.password – password for DB specified in com.ysoft.dotnetEnhancer.db.connectionString