The dependency-check-update task downloads and updates the local copy of the NVD. There are several reasons that one may want to use this task; primarily, creating an update that will be run only once a day or once every few days (but not greater than 7 days) and then use the autoUpdate="false" setting on individual dependency-check scans. See Internet Access Required for more information on why this task would be used.
<target name="dependency-check-update" description="Dependency-Check Update">
<dependency-check-update />
</target>
The following properties can be set on the dependency-check task.
| Property | Description | Default Value |
|---|---|---|
| proxyServer | The Proxy Server. | |
| proxyPort | The Proxy Port. | |
| proxyUsername | Defines the proxy user name. | |
| proxyPassword | Defines the proxy password. | |
| nonProxyHosts | Defines the hosts that will not be proxied. | |
| connectionTimeout | The URL Connection Timeout. | |
| failOnError | Whether the build should fail if there is an error executing the update | true |
The following properties can be configured in the plugin. However, they are less frequently changed. One exception may be the cvedUrl properties, which can be used to host a mirror of the NVD within an enterprise environment.
| Property | Description | Default Value |
|---|---|---|
| cveUrlModified | URL for the modified CVE JSON data feed. When mirroring the NVD you must mirror the *.json.gz and the *.meta files. | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-modified.json.gz |
| cveUrlBase | Base URL for each year’s CVE JSON data feed, the %d will be replaced with the year. | https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.json.gz |
| dataDirectory | Data directory that is used to store the local copy of the NVD. This should generally not be changed. | data |
| databaseDriverName | The name of the database driver. Example: org.h2.Driver. | |
| databaseDriverPath | The path to the database driver JAR file; only used if the driver is not in the class path. | |
| connectionString | The connection string used to connect to the database. See using a database server. | |
| databaseUser | The username used when connecting to the database. | |
| databasePassword | The password used when connecting to the database. |