Note:This goal should be used as a Maven report.
Full name:
org.owasp:dependency-check-maven:8.2.1:aggregate
Description:
Attributes:
compile+runtime
.verify
.Name | Type | Since | Description |
---|---|---|---|
<failBuildOnAnyVulnerability> |
boolean |
- |
Deprecated. Fail the build if any dependency has a vulnerability listed. Default value is: false .User property is: failBuildOnAnyVulnerability . |
<failBuildOnCVSS> |
float |
- |
Specifies if the build should be failed if a CVSS score above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. Default value is: 11 .User property is: failBuildOnCVSS . |
<failOnError> |
boolean |
- |
Sets whether or not the mojo should fail if an error occurs. Default value is: true .User property is: failOnError . |
<format> |
String |
- |
The report format to be generated (HTML, XML, JUNIT, CSV, JSON, SARIF, JENKINS, ALL). Multiple formats can be selected using a comma delineated list. Default value is: HTML .User property is: format . |
<formats> |
String[] |
- |
The report format to be generated (HTML, XML, JUNIT, CSV, JSON, SARIF, JENKINS, ALL). Multiple formats can be selected using a comma delineated list. User property is: formats . |
<junitFailOnCVSS> |
float |
- |
Specifies the CVSS score that is considered a "test" failure when generating a jUnit style report. The default value is 0 - all vulnerabilities are considered a failure. Default value is: 0 .User property is: junitFailOnCVSS . |
<name> |
String |
- |
The name of the report in the site. Default value is: dependency-check:aggregate .User property is: name . |
<outputDirectory> |
File |
- |
The output directory. This generally maps to "target". Default value is: ${project.build.directory} .User property is: odc.outputDirectory . |
Name | Type | Since | Description |
---|---|---|---|
<archiveAnalyzerEnabled> |
Boolean |
- |
Whether or not the Archive Analyzer is enabled. User property is: archiveAnalyzerEnabled . |
<artifactoryAnalyzerApiToken> |
String |
- |
The API token to connect to Artifactory instance User property is: artifactoryAnalyzerApiToken . |
<artifactoryAnalyzerBearerToken> |
String |
- |
The bearer token to connect to Artifactory instance User property is: artifactoryAnalyzerBearerToken . |
<artifactoryAnalyzerEnabled> |
Boolean |
- |
Whether or not the Artifactory Analyzer is enabled. User property is: artifactoryAnalyzerEnabled . |
<artifactoryAnalyzerParallelAnalysis> |
Boolean |
- |
Whether the Artifactory analyzer should be run in parallel or not. Default value is: true .User property is: artifactoryAnalyzerParallelAnalysis . |
<artifactoryAnalyzerServerId> |
String |
- |
The serverId inside the settings.xml containing the username and token to access artifactory User property is: artifactoryAnalyzerServerId . |
<artifactoryAnalyzerUrl> |
String |
- |
The Artifactory URL for the Artifactory analyzer. User property is: artifactoryAnalyzerUrl . |
<artifactoryAnalyzerUseProxy> |
Boolean |
- |
Whether Artifactory should be accessed through a proxy or not User property is: artifactoryAnalyzerUseProxy . |
<artifactoryAnalyzerUsername> |
String |
- |
The username (only used with API token) to connect to Artifactory instance User property is: artifactoryAnalyzerUsername . |
<assemblyAnalyzerEnabled> |
Boolean |
- |
Whether or not the .NET Assembly Analyzer is enabled. User property is: assemblyAnalyzerEnabled . |
<autoconfAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the autoconf Analyzer should be used. User property is: autoconfAnalyzerEnabled . |
<autoUpdate> |
Boolean |
- |
Sets whether auto-updating of the NVD CVE/CPE data is enabled. It is not recommended that this be turned to false. Default is true. User property is: autoUpdate . |
<bundleAuditAnalyzerEnabled> |
Boolean |
- |
Whether or not the Ruby Bundle Audit Analyzer is enabled. User property is: bundleAuditAnalyzerEnabled . |
<bundleAuditPath> |
String |
- |
Sets the path for the bundle-audit binary. User property is: bundleAuditPath . |
<bundleAuditWorkingDirectory> |
String |
- |
Sets the path for the working directory that the bundle-audit binary should be executed from. User property is: bundleAuditWorkingDirectory . |
<centralAnalyzerEnabled> |
Boolean |
- |
Whether or not the Central Analyzer is enabled. User property is: centralAnalyzerEnabled . |
<centralAnalyzerUseCache> |
Boolean |
- |
Whether or not the Central Analyzer should use a local cache. User property is: centralAnalyzerUseCache . |
<cmakeAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the CMake Analyzer should be used. User property is: cmakeAnalyzerEnabled . |
<cocoapodsAnalyzerEnabled> |
Boolean |
- |
Whether or not the CocoaPods Analyzer is enabled. User property is: cocoapodsAnalyzerEnabled . |
<composerAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the PHP Composer Lock File Analyzer should be used. User property is: composerAnalyzerEnabled . |
<connectionString> |
String |
- |
The database connection string. User property is: connectionString . |
<connectionTimeout> |
String |
- |
The Connection Timeout. User property is: connectionTimeout . |
<cpanfileAnalyzerEnabled> |
Boolean |
- |
Whether or not the Perl CPAN File Analyzer is enabled. User property is: cpanfileAnalyzerEnabled . |
<cvePassword> |
String |
- |
The password to authenticate to the CVE-URL. User property is: cvePassword . |
<cveServerId> |
String |
- |
The server id in the settings.xml; used to retrieve encrypted passwords from the settings.xml for cve-URLs. User property is: cveServerId . |
<cveStartYear> |
Integer |
- |
Specify the first year of NVD CVE data to download; default is 2002. User property is: cveStartYear . |
<cveUrlBase> |
String |
- |
Base Data Mirror URL for CVE 1.2. User property is: cveUrlBase . |
<cveUrlModified> |
String |
- |
Data Mirror URL for CVE 1.2. User property is: cveUrlModified . |
<cveUser> |
String |
- |
The username to use when connecting to the CVE-URL. User property is: cveUser . |
<cveValidForHours> |
Integer |
- |
Optionally skip excessive CVE update checks for a designated duration in hours. User property is: cveValidForHours . |
<cveWaitTime> |
String |
- |
The wait timeout between downloading from the NVD. User property is: cveWaitTime . |
<dartAnalyzerEnabled> |
Boolean |
- |
Sets whether the Dart analyzer is enabled. Default is true. User property is: dartAnalyzerEnabled . |
<databaseDriverName> |
String |
- |
The database driver name. An example would be org.h2.Driver. User property is: databaseDriverName . |
<databaseDriverPath> |
String |
- |
The path to the database driver if it is not on the class path. User property is: databaseDriverPath . |
<databasePassword> |
String |
- |
The password to use when connecting to the database. User property is: databasePassword . |
<databaseUser> |
String |
- |
The database user name. User property is: databaseUser . |
<dataDirectory> |
String |
- |
The data directory, hold DC SQL DB. User property is: dataDirectory . |
<dbFilename> |
String |
- |
The name of the DC DB. User property is: dbFilename . |
<enableExperimental> |
Boolean |
- |
Sets whether Experimental analyzers are enabled. Default is false. User property is: enableExperimental . |
<enableRetired> |
Boolean |
- |
Sets whether retired analyzers are enabled. Default is false. User property is: enableRetired . |
<excludes> |
List<String> |
- |
The list of artifacts (and their transitive dependencies) to exclude from the check. User property is: odc.excludes . |
<golangDepEnabled> |
Boolean |
- |
Sets whether the Golang Dependency analyzer is enabled. Default is true. User property is: golangDepEnabled . |
<golangModEnabled> |
Boolean |
- |
Sets whether Golang Module Analyzer is enabled; this requires `go` to be installed. Default is true. User property is: golangModEnabled . |
<hintsFile> |
String |
- |
The path to the hints file. User property is: hintsFile . |
<hostedSuppressionsEnabled> |
Boolean |
- |
Whether the hosted suppressions file will be used. User property is: hostedSuppressionsEnabled . |
<hostedSuppressionsForceUpdate> |
Boolean |
- |
Whether the hosted suppressions file will be updated regardless of the `autoupdate` settings. User property is: hostedSuppressionsForceUpdate . |
<hostedSuppressionsUrl> |
String |
- |
The hosted suppressions file URL. User property is: hostedSuppressionsUrl . |
<hostedSuppressionsValidForHours> |
Integer |
- |
Skip excessive hosted suppression file update checks for a designated duration in hours (defaults to 2 hours). User property is: hostedSuppressionsValidForHours . |
<jarAnalyzerEnabled> |
Boolean |
- |
Whether or not the Jar Analyzer is enabled. User property is: jarAnalyzerEnabled . |
<knownExploitedEnabled> |
Boolean |
- |
Whether or not the Known Exploited Vulnerability Analyzer is enabled. User property is: knownExploitedEnabled . |
<knownExploitedUrl> |
String |
- |
The URL to the CISA Known Exploited Vulnerabilities JSON datafeed. User property is: knownExploitedUrl . |
<mavenInstallAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the Maven install Analyzer should be used. User property is: mavenInstallAnalyzerEnabled . |
<mavenSettings> |
Settings |
- |
The Maven settings. Default value is: ${settings} .User property is: mavenSettings . |
<mavenSettingsProxyId> |
String |
- |
The maven settings proxy id. User property is: mavenSettingsProxyId . |
<mixAuditAnalyzerEnabled> |
Boolean |
- |
Whether or not the Elixir Mix Audit Analyzer is enabled. User property is: mixAuditAnalyzerEnabled . |
<mixAuditPath> |
String |
- |
Sets the path for the mix_audit binary. User property is: mixAuditPath . |
<msbuildAnalyzerEnabled> |
Boolean |
- |
Whether or not the MS Build Analyzer is enabled. User property is: msbuildAnalyzerEnabled . |
<nexusAnalyzerEnabled> |
Boolean |
- |
Whether or not the Nexus Analyzer is enabled. User property is: nexusAnalyzerEnabled . |
<nexusServerId> |
String |
- |
The id of a server defined in the settings.xml that configures the credentials (username and password) for a Nexus server's REST API end point. When not specified the communication with the Nexus server's REST API will be unauthenticated. User property is: nexusServerId . |
<nexusUrl> |
String |
- |
The URL of a Nexus server's REST API end point (http://domain/nexus/service/local). User property is: nexusUrl . |
<nexusUsesProxy> |
Boolean |
- |
Whether or not the configured proxy is used to connect to Nexus. User property is: nexusUsesProxy . |
<nodeAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the Node.js Analyzer should be used. User property is: nodeAnalyzerEnabled . |
<nodeAuditAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the Node Audit Analyzer should be used. User property is: nodeAuditAnalyzerEnabled . |
<nodeAuditAnalyzerUrl> |
String |
- |
The Node Audit API URL for the Node Audit Analyzer. User property is: nodeAuditAnalyzerUrl . |
<nodeAuditAnalyzerUseCache> |
Boolean |
- |
Sets whether or not the Node Audit Analyzer should use a local cache. User property is: nodeAuditAnalyzerUseCache . |
<nodeAuditSkipDevDependencies> |
Boolean |
- |
Sets whether or not the Node Audit Analyzer should skip devDependencies. User property is: nodeAuditSkipDevDependencies . |
<nodePackageSkipDevDependencies> |
Boolean |
- |
Sets whether or not the Node.js Analyzer should skip devDependencies. User property is: nodePackageSkipDevDependencies . |
<nugetconfAnalyzerEnabled> |
Boolean |
- |
Whether or not the .NET packages.config Analyzer is enabled. User property is: nugetconfAnalyzerEnabled . |
<nuspecAnalyzerEnabled> |
Boolean |
- |
Whether or not the .NET Nuspec Analyzer is enabled. User property is: nuspecAnalyzerEnabled . |
<opensslAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the openssl Analyzer should be used. User property is: opensslAnalyzerEnabled . |
<ossindexAnalyzerEnabled> |
Boolean |
- |
Whether or not the Sonatype OSS Index analyzer is enabled. User property is: ossindexAnalyzerEnabled . |
<ossindexAnalyzerUrl> |
String |
- |
URL of the Sonatype OSS Index service. User property is: ossindexAnalyzerUrl . |
<ossindexAnalyzerUseCache> |
Boolean |
- |
Whether or not the Sonatype OSS Index analyzer should cache results. User property is: ossindexAnalyzerUseCache . |
<ossIndexServerId> |
String |
- |
The id of a server defined in the settings.xml that configures the credentials (username and password) for a OSS Index service. User property is: ossIndexServerId . |
<ossIndexWarnOnlyOnRemoteErrors> |
Boolean |
- |
Whether we should only warn about Sonatype OSS Index remote errors instead of failing the goal completely. User property is: ossIndexWarnOnlyOnRemoteErrors . |
<pathToCore> |
String |
- |
The path to dotnet core. User property is: pathToCore . |
<pathToGo> |
String |
- |
Sets the path to `go`. User property is: pathToGo . |
<pathToPnpm> |
String |
- |
Sets the path to `pnpm`. User property is: pathToPnpm . |
<pathToYarn> |
String |
- |
Sets the path to `yarn`. User property is: pathToYarn . |
<pipAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the pip Analyzer should be used. User property is: pipAnalyzerEnabled . |
<pipfileAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the pipfile Analyzer should be used. User property is: pipfileAnalyzerEnabled . |
<pnpmAuditAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the Pnpm Audit Analyzer should be used. User property is: pnpmAuditAnalyzerEnabled . |
<poetryAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the poetry Analyzer should be used. User property is: poetryAnalyzerEnabled . |
<prettyPrint> |
Boolean |
- |
Whether or not the XML and JSON report formats should be pretty printed. The default is false. User property is: prettyPrint . |
<pyDistributionAnalyzerEnabled> |
Boolean |
- |
Sets whether the Python Distribution Analyzer will be used. User property is: pyDistributionAnalyzerEnabled . |
<pyPackageAnalyzerEnabled> |
Boolean |
- |
Sets whether the Python Package Analyzer will be used. User property is: pyPackageAnalyzerEnabled . |
<readTimeout> |
String |
- |
The Read Timeout. User property is: readTimeout . |
<retirejs> |
Retirejs |
- |
The RetireJS Analyzer configuration:
filters: an array of filter patterns that are used to exclude JS files that contain a match filterNonVulnerable: a boolean that when true will remove non-vulnerable JS from the report Example: <retirejs> <filters> <filter>copyright 2018\(c\) Jeremy Long</filter> </filters> <filterNonVulnerable>true</filterNonVulnerable> </retirejs> User property is: retirejs . |
<retireJsAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the Retirejs Analyzer should be used. User property is: retireJsAnalyzerEnabled . |
<retireJsForceUpdate> |
Boolean |
- |
Whether the Retire JS repository will be updated regardless of the `autoupdate` settings. User property is: retireJsForceUpdate . |
<retireJsPassword> |
String |
- |
The password to authenticate to the CVE-URL. User property is: retireJsPassword . |
<retireJsUrl> |
String |
- |
The Retire JS repository URL. User property is: retireJsUrl . |
<retireJsUrlServerId> |
String |
- |
The server id in the settings.xml; used to retrieve encrypted passwords from the settings.xml for cve-URLs. User property is: retireJsUrlServerId . |
<retireJsUser> |
String |
- |
The username to use when connecting to the CVE-URL. User property is: retireJsUser . |
<rubygemsAnalyzerEnabled> |
Boolean |
- |
Sets whether the Ruby Gemspec Analyzer will be used. User property is: rubygemsAnalyzerEnabled . |
<scanDependencies> |
boolean |
- |
Whether the project's dependencies should also be scanned. Default value is: true .User property is: odc.dependencies.scan . |
<scanDirectory> |
List<String> |
- |
A list of directories to scan. Note, this should only be used via the command line - if configuring the directories to scan consider using the `scanSet` instead. User property is: scanDirectory . |
<scanPlugins> |
boolean |
- |
Whether the project's plugins should also be scanned. Default value is: false .User property is: odc.plugins.scan . |
<scanSet> |
List<FileSet> |
- |
An collection of fileSet s that specify additional files and/or directories (from the basedir) to analyze as part of the scan. If not specified, defaults to Maven conventions of: src/main/resources, src/main/filters, and src/main/webapp. Note, this cannot be set via the command line - use `scanDirectory` instead. |
<serverId> |
String |
- |
The server id in the settings.xml; used to retrieve encrypted passwords from the settings.xml. User property is: serverId . |
<showSummary> |
boolean |
- |
Flag indicating whether or not to show a summary in the output. Default value is: true .User property is: showSummary . |
<skip> |
boolean |
- |
Skip Dependency Check altogether. Default value is: false .User property is: dependency-check.skip . |
<skipArtifactType> |
String |
- |
Skip analysis for dependencies which type matches this regular expression. This filters on the `type` of dependency as defined in the dependency section: jar, pom, test-jar, etc. User property is: skipArtifactType . |
<skipDependencyManagement> |
boolean |
- |
Skip Analysis for dependencyManagement section. Default value is: true .User property is: skipDependencyManagement . |
<skipProvidedScope> |
boolean |
- |
Skip Analysis for Provided Scope Dependencies. Default value is: false .User property is: skipProvidedScope . |
<skipRuntimeScope> |
boolean |
- |
Skip Analysis for Runtime Scope Dependencies. Default value is: false .User property is: skipRuntimeScope . |
<skipSystemScope> |
boolean |
- |
Skip Analysis for System Scope Dependencies. Default value is: false .User property is: skipSystemScope . |
<skipTestScope> |
boolean |
- |
Skip Analysis for Test Scope Dependencies. Default value is: true .User property is: skipTestScope . |
<suppressionFile> |
String |
- |
The paths to the suppression file. The parameter value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) User property is: suppressionFile . |
<suppressionFilePassword> |
String |
- |
The password used when connecting to the suppressionFiles. User property is: suppressionFilePassword . |
<suppressionFiles> |
String[] |
- |
The paths to the suppression files. The parameter value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) User property is: suppressionFiles . |
<suppressionFileServerId> |
String |
- |
The server id in the settings.xml; used to retrieve encrypted passwords from the settings.xml for suppressionFile(s). User property is: suppressionFileServerId . |
<suppressionFileUser> |
String |
- |
The username used when connecting to the suppressionFiles. User property is: suppressionFileUser . |
<swiftPackageManagerAnalyzerEnabled> |
Boolean |
- |
Whether or not the Swift package Analyzer is enabled. User property is: swiftPackageManagerAnalyzerEnabled . |
<swiftPackageResolvedAnalyzerEnabled> |
Boolean |
- |
Whether or not the Swift package resolved Analyzer is enabled. User property is: swiftPackageResolvedAnalyzerEnabled . |
<versionCheckEnabled> |
boolean |
- |
Sets whether dependency-check should check if there is a new version available. Default value is: true .User property is: versionCheckEnabled . |
<virtualSnapshotsFromReactor> |
Boolean |
- |
Use pom dependency information for snapshot dependencies that are part of the Maven reactor while aggregate scanning a multi-module project. Default value is: true .User property is: dependency-check.virtualSnapshotsFromReactor . |
<yarnAuditAnalyzerEnabled> |
Boolean |
- |
Sets whether or not the Yarn Audit Analyzer should be used. User property is: yarnAuditAnalyzerEnabled . |
<zipExtensions> |
String |
- |
A comma-separated list of file extensions to add to analysis next to jar, zip, .... User property is: zipExtensions . |
java.lang.Boolean
No
archiveAnalyzerEnabled
java.lang.String
No
artifactoryAnalyzerApiToken
java.lang.String
No
artifactoryAnalyzerBearerToken
java.lang.Boolean
No
artifactoryAnalyzerEnabled
java.lang.Boolean
No
artifactoryAnalyzerParallelAnalysis
true
java.lang.String
No
artifactoryAnalyzerServerId
java.lang.String
No
artifactoryAnalyzerUrl
java.lang.Boolean
No
artifactoryAnalyzerUseProxy
java.lang.String
No
artifactoryAnalyzerUsername
java.lang.Boolean
No
assemblyAnalyzerEnabled
java.lang.Boolean
No
autoconfAnalyzerEnabled
java.lang.Boolean
No
autoUpdate
java.lang.Boolean
No
bundleAuditAnalyzerEnabled
java.lang.String
No
bundleAuditPath
java.lang.String
No
bundleAuditWorkingDirectory
java.lang.Boolean
No
centralAnalyzerEnabled
java.lang.Boolean
No
centralAnalyzerUseCache
java.lang.Boolean
No
cmakeAnalyzerEnabled
java.lang.Boolean
No
cocoapodsAnalyzerEnabled
java.lang.Boolean
No
composerAnalyzerEnabled
java.lang.String
No
connectionString
java.lang.String
No
connectionTimeout
java.lang.Boolean
No
cpanfileAnalyzerEnabled
java.lang.String
No
cvePassword
java.lang.String
No
cveServerId
java.lang.Integer
No
cveStartYear
java.lang.String
No
cveUrlBase
java.lang.String
No
cveUrlModified
java.lang.String
No
cveUser
java.lang.Integer
No
cveValidForHours
java.lang.String
No
cveWaitTime
java.lang.Boolean
No
dartAnalyzerEnabled
java.lang.String
No
databaseDriverName
java.lang.String
No
databaseDriverPath
java.lang.String
No
databasePassword
java.lang.String
No
databaseUser
java.lang.String
No
dataDirectory
java.lang.String
No
dbFilename
java.lang.Boolean
No
enableExperimental
java.lang.Boolean
No
enableRetired
java.util.List<java.lang.String>
No
odc.excludes
failBuildOnCVSS
with a value of 0 insteadboolean
Yes
failBuildOnAnyVulnerability
false
float
Yes
failBuildOnCVSS
11
boolean
Yes
failOnError
true
java.lang.String
Yes
format
HTML
java.lang.String[]
Yes
formats
java.lang.Boolean
No
golangDepEnabled
java.lang.Boolean
No
golangModEnabled
java.lang.String
No
hintsFile
java.lang.Boolean
No
hostedSuppressionsEnabled
java.lang.Boolean
No
hostedSuppressionsForceUpdate
java.lang.String
No
hostedSuppressionsUrl
java.lang.Integer
No
hostedSuppressionsValidForHours
java.lang.Boolean
No
jarAnalyzerEnabled
float
Yes
junitFailOnCVSS
0
java.lang.Boolean
No
knownExploitedEnabled
java.lang.String
No
knownExploitedUrl
java.lang.Boolean
No
mavenInstallAnalyzerEnabled
org.apache.maven.settings.Settings
No
mavenSettings
${settings}
java.lang.String
No
mavenSettingsProxyId
java.lang.Boolean
No
mixAuditAnalyzerEnabled
java.lang.String
No
mixAuditPath
java.lang.Boolean
No
msbuildAnalyzerEnabled
java.lang.String
Yes
name
dependency-check:aggregate
java.lang.Boolean
No
nexusAnalyzerEnabled
java.lang.String
No
nexusServerId
java.lang.String
No
nexusUrl
java.lang.Boolean
No
nexusUsesProxy
java.lang.Boolean
No
nodeAnalyzerEnabled
java.lang.Boolean
No
nodeAuditAnalyzerEnabled
java.lang.String
No
nodeAuditAnalyzerUrl
java.lang.Boolean
No
nodeAuditAnalyzerUseCache
java.lang.Boolean
No
nodeAuditSkipDevDependencies
java.lang.Boolean
No
nodePackageSkipDevDependencies
java.lang.Boolean
No
nugetconfAnalyzerEnabled
java.lang.Boolean
No
nuspecAnalyzerEnabled
java.lang.Boolean
No
opensslAnalyzerEnabled
java.lang.Boolean
No
ossindexAnalyzerEnabled
java.lang.String
No
ossindexAnalyzerUrl
java.lang.Boolean
No
ossindexAnalyzerUseCache
java.lang.String
No
ossIndexServerId
java.lang.Boolean
No
ossIndexWarnOnlyOnRemoteErrors
java.io.File
Yes
odc.outputDirectory
${project.build.directory}
java.lang.String
No
pathToCore
java.lang.String
No
pathToGo
java.lang.String
No
pathToPnpm
java.lang.String
No
pathToYarn
java.lang.Boolean
No
pipAnalyzerEnabled
java.lang.Boolean
No
pipfileAnalyzerEnabled
java.lang.Boolean
No
pnpmAuditAnalyzerEnabled
java.lang.Boolean
No
poetryAnalyzerEnabled
java.lang.Boolean
No
prettyPrint
java.lang.Boolean
No
pyDistributionAnalyzerEnabled
java.lang.Boolean
No
pyPackageAnalyzerEnabled
java.lang.String
No
readTimeout
filters: an array of filter patterns that are used to exclude JS files that contain a match filterNonVulnerable: a boolean that when true will remove non-vulnerable JS from the report Example: <retirejs> <filters> <filter>copyright 2018\(c\) Jeremy Long</filter> </filters> <filterNonVulnerable>true</filterNonVulnerable> </retirejs>
org.owasp.dependencycheck.maven.Retirejs
No
retirejs
java.lang.Boolean
No
retireJsAnalyzerEnabled
java.lang.Boolean
No
retireJsForceUpdate
java.lang.String
No
retireJsPassword
java.lang.String
No
retireJsUrl
java.lang.String
No
retireJsUrlServerId
java.lang.String
No
retireJsUser
java.lang.Boolean
No
rubygemsAnalyzerEnabled
boolean
No
odc.dependencies.scan
true
java.util.List<java.lang.String>
No
scanDirectory
boolean
No
odc.plugins.scan
false
fileSet
s that specify additional files and/or directories (from the basedir) to analyze as part of the scan. If not specified, defaults to Maven conventions of: src/main/resources, src/main/filters, and src/main/webapp. Note, this cannot be set via the command line - use `scanDirectory` instead.java.util.List<org.apache.maven.shared.model.fileset.FileSet>
No
java.lang.String
No
serverId
boolean
No
showSummary
true
boolean
No
dependency-check.skip
false
java.lang.String
No
skipArtifactType
boolean
No
skipDependencyManagement
true
boolean
No
skipProvidedScope
false
boolean
No
skipRuntimeScope
false
boolean
No
skipSystemScope
false
boolean
No
skipTestScope
true
java.lang.String
No
suppressionFile
java.lang.String
No
suppressionFilePassword
java.lang.String[]
No
suppressionFiles
java.lang.String
No
suppressionFileServerId
java.lang.String
No
suppressionFileUser
java.lang.Boolean
No
swiftPackageManagerAnalyzerEnabled
java.lang.Boolean
No
swiftPackageResolvedAnalyzerEnabled
boolean
No
versionCheckEnabled
true
java.lang.Boolean
No
dependency-check.virtualSnapshotsFromReactor
true
java.lang.Boolean
No
yarnAuditAnalyzerEnabled
java.lang.String
No
zipExtensions