GitHub - albuch/sbt-dependency-check: SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
dependencyCheckArchiveAnalyzerEnabled
Sets whether the Archive Analyzer will be used.
true
dependencyCheckZipExtensions
A comma-separated list of additional file extensions to be treated like a ZIP file; their contents will be extracted and analyzed.
dependencyCheckJarAnalyzerEnabled
Sets whether Jar Analyzer will be used.
true
dependencyCheckDartAnalyzerEnabled
Sets whether the experimental Dart analyzer is enabled. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckKnownExploitedEnabled
Sets whether the Known Exploited Vulnerability update and analyzer are enabled.
true
dependencyCheckKnownExploitedUrl
Sets URL to the CISA Known Exploited Vulnerabilities JSON data feed.
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
dependencyCheckKnownExploitedValidForHours
Sets the interval in hours until the next check of the CISA Known Exploited Vulnerabilities JSON data feed is performed.
24
dependencyCheckCentralAnalyzerEnabled
Sets whether Central Analyzer will be used. If this analyzer is disabled, there is a good chance you also want to disable the Nexus Analyzer (see below).
false
dependencyCheckCentralAnalyzerUseCache
Sets whether the Central Analyzer will cache results. Cached results expire after 30 days.
true
dependencyCheckOSSIndexAnalyzerEnabled
Sets whether the OSS Index Analyzer will be enabled.
true
dependencyCheckOSSIndexAnalyzerUrl
URL of the Sonatype OSS Index service.
dependencyCheckOSSIndexAnalyzerUseCache
Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours.
true
dependencyCheckOSSIndexAnalyzerUsername
The optional username to use for the Sonatype OSS Index service. Note: an account with OSS Index is not required.
dependencyCheckOSSIndexAnalyzerPassword
The optional password to use for the Sonatype OSS Index service.
dependencyCheckOSSIndexWarnOnlyOnRemoteErrors
Sets whether remote errors from the OSS Index (e.g. BAD GATEWAY, RATE LIMIT EXCEEDED) will result in warnings only instead of failing execution.
false
dependencyCheckNexusAnalyzerEnabled
Sets whether Nexus Analyzer will be used. This analyzer is superseded by the Central Analyzer; however, you can configure this to run against a Nexus Pro installation.
false
dependencyCheckNexusUrl
Defines the Nexus Server’s web service end point (example http://domain.enterprise/service/local/). If not set the Nexus Analyzer will be disabled.
https://repository.sonatype.org/service/local/
dependencyCheckNexusUsesProxy
Whether or not the defined proxy should be used when connecting to Nexus.
true
dependencyCheckNexusUser
The username to authenticate to the Nexus Server's web service end point. If not set the Nexus Analyzer will use an unauthenticated connection.
dependencyCheckNexusPassword
The password to authenticate to the Nexus Server's web service end point. If not set the Nexus Analyzer will use an unauthenticated connection.
dependencyCheckPyDistributionAnalyzerEnabled
Sets whether the experimental Python Distribution Analyzer will be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckPyPackageAnalyzerEnabled
Sets whether the experimental Python Package Analyzer will be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckRubygemsAnalyzerEnabled
Sets whether the experimental Ruby Gemspec Analyzer will be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckOpensslAnalyzerEnabled
Sets whether or not the openssl Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckCmakeAnalyzerEnabled
Sets whether or not the experimental CMake Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckAutoconfAnalyzerEnabled
Sets whether or not the experimental autoconf Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckMavenInstallAnalyzerEnabled
Sets whether or not the Maven install Analyzer should be used.
true
dependencyCheckPipAnalyzerEnabled
Sets whether or not the experimental pip Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckPipfileAnalyzerEnabled
Sets whether or not the experimental Pipfile Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckPoetryAnalyzerEnabled
Sets whether or not the experimental Poetry Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckComposerAnalyzerEnabled
Sets whether or not the experimental PHP Composer Lock File Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckCpanFileAnalyzerEnabled
Sets whether or not the experimental Perl CPAN File Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckNodeAnalyzerEnabled
Sets whether or not the retired Node.js Analyzer should be used.
false
dependencyCheckNodePackageSkipDevDependencies
Sets whether the Node.js Analyzer will skip devDependencies.
false
dependencyCheckNodeAuditAnalyzerEnabled
Sets whether or not the Node Audit Analyzer should be used.
true
dependencyCheckNodeAuditSkipDevDependencies
Sets whether the Node Audit Analyzer will skip devDependencies.
false
dependencyCheckNodeAuditAnalyzerUrl
Sets the Node Audit API URL for the Node Audit Analyzer. If not set, the default URL is used.
https://registry.npmjs.org/-/npm/v1/security/audits
dependencyCheckNodeAuditAnalyzerUseCache
Sets whether the Node Audit Analyzer will cache results. Cached results expire after 24 hours.
true
dependencyCheckNPMCPEAnalyzerEnabled
Sets whether or not the experimental NPM CPE Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckYarnAuditAnalyzerEnabled
Sets whether the Yarn Audit Analyzer should be used. This analyzer requires yarn and an internet connection. Use dependencyCheckNodeAuditSkipDevDependencies to skip dev dependencies.
true
dependencyCheckPathToYarn
Sets the path to the Yarn executable.
dependencyCheckPNPMAuditAnalyzerEnabled
Sets whether the pnpm Audit Analyzer is enabled. This analyzer requires pnpm and an internet connection. Use dependencyCheckNodeAuditSkipDevDependencies to skip dev dependencies.
true
dependencyCheckPathToPNPM
Sets the path to the pnpm executable.
dependencyCheckNuspecAnalyzerEnabled
Sets whether or not the .NET Nuget Nuspec Analyzer will be used.
true
dependencyCheckNugetConfAnalyzerEnabled
Sets whether the experimental .NET Nuget packages.config Analyzer will be used. dependencyCheckEnableExperimental must be set to true.
false
dependencyCheckCocoapodsEnabled
Sets whether or not the experimental Cocoapods Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckMixAuditAnalyzerEnabled
Sets whether or not the experimental Mix Audit Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckMixAuditPath
Sets the path to the mix_audit executable; only used if mix audit analyzer is enabled and experimental analyzers are enabled.
dependencyCheckSwiftEnabled
Sets whether or not the experimental Swift Package Manager Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckSwiftPackageResolvedAnalyzerEnabled
Sets whether or not the experimental Swift Package Resolved Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckBundleAuditEnabled
Sets whether or not the experimental Ruby Bundle Audit Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckPathToBundleAudit
The path to Ruby Bundle Audit.
dependencyCheckBundleAuditWorkingDirectory
Sets the path for the working directory that the Ruby Bundle Audit binary should be executed from.
dependencyCheckAssemblyAnalyzerEnabled
Sets whether or not the .NET Assembly Analyzer should be used.
true
dependencyCheckMSBuildAnalyzerEnabled
Sets whether the MSBuild Analyzer should be used.
true
dependencyCheckPathToDotNETCore
The path to .NET Core for .NET assembly analysis on non-Windows systems.
dependencyCheckPEAnalyzerEnabled
Sets whether or not the experimental PE Analyzer that reads the PE headers of DLL and EXE files should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckRetireJSAnalyzerEnabled
Sets whether or not the RetireJS Analyzer should be used.
true
dependencyCheckRetireJSForceUpdate
Sets whether the RetireJS Analyzer should update regardless of the dependencyCheckAutoUpdate setting.
true
dependencyCheckRetireJSAnalyzerRepoJSUrl
Sets the URL to the RetireJS repository. Note that the file name must be jsrepository.json.
https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
dependencyCheckRetireJsAnalyzerRepoUser
Username for authentication to connect to RetireJS URL.
dependencyCheckRetireJsAnalyzerRepoPassword
Password for authentication to connect to RetireJS URL.
dependencyCheckRetireJsAnalyzerRepoValidFor
Sets the interval in hours until the next check for CVE updates is performed by the RetireJS analyzer.
24
dependencyCheckRetireJsAnalyzerFilters
Sets one or more filters for the RetireJS analyzer.
dependencyCheckRetireJsAnalyzerFilterNonVulnerable
Sets whether or not the RetireJS analyzer should filter non-vulnerable dependencies.
false
dependencyCheckArtifactoryAnalyzerEnabled
Sets whether or not the JFrog Artifactory analyzer will be used.
false
dependencyCheckArtifactoryAnalyzerUrl
The Artifactory server URL.
dependencyCheckArtifactoryAnalyzerUseProxy
Sets whether Artifactory should be accessed through a proxy or not.
false
dependencyCheckArtifactoryAnalyzerParallelAnalysis
Sets whether the Artifactory analyzer should be run in parallel or not.
true
dependencyCheckArtifactoryAnalyzerUsername
The user name (only used with API token) to connect to the Artifactory instance.
dependencyCheckArtifactoryAnalyzerApiToken
The API token to connect to the Artifactory instance. Note: for security reasons, these settings should not be added to your local build.sbt file and committed to your code repository. They can be added to the ~/.sbt/<version>/global.sbt file instead.
dependencyCheckArtifactoryAnalyzerBearerToken
The bearer token to connect to the Artifactory instance. Note: for security reasons, these settings should not be added to your local build.sbt file and committed to your code repository. They can be added to the ~/.sbt/<version>/global.sbt file instead.
dependencyCheckGolangDepEnabled
Sets whether or not the experimental Golang Dependency Analyzer should be used. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckGolangModEnabled
Sets whether or not the experimental Golang Module Analyzer should be used. Requires go to be installed. dependencyCheckEnableExperimental must be set to true.
true
dependencyCheckPathToGo
The path to the "go" runtime.
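
The note on the Artifactory token settings above, as an added example (not taken from the plugin's own documentation): non-secret toggles stay in the committed build.sbt, while credentials live in the per-user global.sbt and are read from the environment. The environment variable names are hypothetical, and the `Some(...)` / `Option[String]` setting types are an assumption to verify against the plugin version you use.

```scala
// ---- build.sbt (committed to the repository): no secrets here ----
// Assumption: analyzer toggles are Option[Boolean] settings and credential
// settings are Option[String]; check the key definitions of your plugin version.

// Analyzers documented as experimental require this switch to be true.
dependencyCheckEnableExperimental := Some(true)
dependencyCheckPipAnalyzerEnabled := Some(true)

// Turn the Artifactory analyzer on; its credentials are supplied elsewhere.
dependencyCheckArtifactoryAnalyzerEnabled := Some(true)

// ---- ~/.sbt/<version>/global.sbt (per-user, never committed) ----
// sys.env.get returns Option[String], so an unset variable yields None and
// no literal secret ever appears in a file under version control.
// ARTIFACTORY_USER and ARTIFACTORY_API_TOKEN are hypothetical variable names.
dependencyCheckArtifactoryAnalyzerUsername := sys.env.get("ARTIFACTORY_USER")
dependencyCheckArtifactoryAnalyzerApiToken := sys.env.get("ARTIFACTORY_API_TOKEN")
```

Settings in global.sbt can only reference keys from plugins that are themselves installed globally, so the plugin also has to be declared under ~/.sbt/<version>/plugins/ for this file to compile.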