Goals available for this plugin:
| Goal | Report? | Description |
|---|---|---|
| dependency-check:aggregate | Yes | Maven Plugin that checks project dependencies and the dependencies of all child modules to see if they have any known published vulnerabilities. |
| dependency-check:check | Yes | Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities. |
| dependency-check:help | No | Display help information on dependency-check-maven. Call mvn dependency-check:help -Ddetail=true -Dgoal=<goal-name> to display parameter details. |
| dependency-check:purge | Yes | Maven Plugin that purges the local copy of the NVD data. |
| dependency-check:update-only | Yes | Maven Plugin that updates the local cache of the NVD data from NIST. |
The following specifies the minimum requirements to run this Maven plugin:
| Maven | 3.1.0 |
| JDK | 1.8 |
You should specify the version in your project's plugin configuration:
<project>
...
<build>
<!-- To define the plugin version in your parent POM -->
<pluginManagement>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>8.2.1</version>
</plugin>
...
</plugins>
</pluginManagement>
<!-- To use the plugin goals in your POM or parent POM -->
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
</plugin>
...
</plugins>
</build>
...
<!-- To use the report goals in your POM or parent POM -->
<reporting>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>8.2.1</version>
</plugin>
...
</plugins>
</reporting>
...
</project>
For more information, see "Guide to Configuring Plug-ins"