Fork me on GitHub


Task Description
dependencyCheckAnalyze Runs dependency-check against the project and generates a report.
dependencyCheckAggregate Runs dependency-check against a multi-project build and generates a report.
dependencyCheckUpdate Updates the local cache of the NVD data from NIST.
dependencyCheckPurge Deletes the local copy of the NVD. This is used to force a refresh of the data.


buildscript {
    repositories {
    dependencies {
        classpath 'org.owasp:dependency-check-gradle:${project.version}'
apply plugin: 'org.owasp.dependencycheck'

check.dependsOn dependencyCheckUpdate
Property Description Default Value
cveValidForHours Sets the number of hours to wait before checking for new updates from the NVD. 4
failOnError Fails the build if an error occurs during the dependency-check analysis. true


dependencyCheck {

Proxy Configuration

Config Group Property Description Default Value
proxy server The proxy server; see the proxy configuration page for more information.  
proxy port The proxy port.  
proxy username Defines the proxy user name.  
proxy password Defines the proxy password.  
proxy nonProxyHosts The list of hosts that do not use a proxy.  


dependencyCheck {
    proxy {

Advanced Configuration

The following properties can be configured in the dependencyCheck task. However, they are less frequently changed. One exception may be the cvedUrl properties, which can be used to host a mirror of the NVD within an enterprise environment. Note, if ANY of the cve configuration group are set - they should all be set to ensure things work as expected.

Config Group Property Description Default Value
cve urlModified URL for the modified CVE JSON data feed.
cve urlBase Base URL for each year's CVE JSON data feed, the %d will be replaced with the year.
cve waitTime The time in milliseconds to wait between downloads from the NVD. 4000
cve startYear The first year of NVD CVE data to download from the NVD. 2002
data directory Sets the data directory to hold SQL CVEs contents. This should generally not be changed.  
data driver The name of the database driver. Example: org.h2.Driver.  
data driverPath The path to the database driver JAR file; only used if the driver is not in the class path.  
data connectionString The connection string used to connect to the database. See using a database server.  
data username The username used when connecting to the database.  
data password The password used when connecting to the database.  


dependencyCheck {
    data {