github-mirrors/odc-devaudit-dotnet
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-devaudit-dotnet.git synced 2026-01-16 00:34:19 +01:00
Code Issues 1 Packages Projects Releases Wiki Activity
1 Commit 2 Branches 0 Tags
05b1e8caa4cef866fe903fc165b4be809dad82c7
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Šesták Vít 05b1e8caa4 Initial commit
2020-01-31 15:00:44 +01:00
src
Initial commit
2020-01-31 15:00:44 +01:00
pom.xml
Initial commit
2020-01-31 15:00:44 +01:00
README.md
Initial commit
2020-01-31 15:00:44 +01:00

README.md

Adds DevAudit scan to OWASP Dependency Check. It is an ODC plugin.

The plugin relies on index provided by nuget-indexer . The index is stored in ODC vulnerability database, so there is no need for extra configuration.

Config properties:

  • com.ysoft.dotnetEnhancer.enabled enables/disables the analyzers
  • com.ysoft.dotnetEnhancer.vulnerabilityMode CVE_ONLY uses description from NVD and ignores vulnerabilities without CVE; CVE_PREFERRED prefers description from NVD, but allows some best-effort output if CVE is not available; PURE_DA always uses data from DevAudit.
  • com.ysoft.dotnetEnhancer.devAuditPath Path to DevAudit folder. On Linux, it is expected that devaudit.exe is executable and binfmt is configured for running .NET binaries.
  • com.ysoft.dotnetEnhancer.strictSearch Raises exception instead of warning if a .NET library could not be found in index.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 6 MiB
Languages
Java 98.8%
Shell 1.2%