github-mirrors/odc-devaudit-dotnet
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-devaudit-dotnet.git synced 2026-01-14 07:44:01 +01:00
Code Issues 1 Packages Projects Releases Wiki Activity
Files
master
odc-devaudit-dotnet/README.md
Šesták Vít cfe36c05a8 README update
2020-01-31 22:23:25 +01:00

14 lines
1.2 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# OWASP Dependency Check plugin for DevAudit
The plugin relies on index provided by [nuget-repository-indexer](https://github.com/ysoftdevs/nuget-repository-indexer) . The index is stored in database.
Config properties:
* com.ysoft.dotnetEnhancer.enabled enables/disables the analyzers
* com.ysoft.dotnetEnhancer.vulnerabilityMode CVE_ONLY uses description from NVD and ignores vulnerabilities without CVE; CVE_PREFERRED prefers description from NVD, but allows some best-effort output if CVE is not available; PURE_DA always uses data from DevAudit.
* com.ysoft.dotnetEnhancer.devAuditPath Path to DevAudit folder. On Linux, it is expected that devaudit.exe is executable and binfmt is configured for running .NET binaries.
* com.ysoft.dotnetEnhancer.strictSearch Raises exception instead of warning if a .NET library could not be found in index.
* com.ysoft.dotnetEnhancer.db.connectionString JDBC URL for connection to the nuget-repository-indexer database
* com.ysoft.dotnetEnhancer.db.userName username for DB specified in com.ysoft.dotnetEnhancer.db.connectionString
* com.ysoft.dotnetEnhancer.db.password password for DB specified in com.ysoft.dotnetEnhancer.db.connectionString
Reference in New Issue View Git Blame Copy Permalink