Plugin Documentation

Goals available for this plugin:

| Goal | Report? | Description |
| --- | --- | --- |
| dependency-check:aggregate | Yes | Maven Plugin that checks project dependencies and the dependencies of all child modules to see if they have any known published vulnerabilities. |
| dependency-check:check | Yes | Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities. |
| dependency-check:help | No | Display help information on dependency-check-maven. Call mvn dependency-check:help -Ddetail=true -Dgoal=<goal-name> to display parameter details. |
| dependency-check:purge | Yes | Maven Plugin that purges the local copy of the NVD data. |
| dependency-check:update-only | Yes | Maven Plugin that updates the local cache of the NVD data from NIST. |

System Requirements

The following specifies the minimum requirements to run this Maven plugin:

Maven: 3.1.0
JDK: 1.8
Memory: No minimum requirement.
Disk Space: No minimum requirement.

Usage

You should specify the version in your project's plugin configuration:

<project>
  ...
  <build>
    <!-- To define the plugin version in your parent POM -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <version>6.1.5</version>
        </plugin>
        ...
      </plugins>
    </pluginManagement>
    <!-- To use the plugin goals in your POM or parent POM -->
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>6.1.5</version>
      </plugin>
      ...
    </plugins>
  </build>
  ...
  <!-- To use the report goals in your POM or parent POM -->
  <reporting>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>6.1.5</version>
      </plugin>
      ...
    </plugins>
  </reporting>
  ...
</project>

For more information, see "Guide to Configuring Plug-ins".
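The declaration above pins the plugin version but binds no goal, so a normal build runs no scan unless a goal is invoked explicitly (for example mvn dependency-check:check). The following fragment is an added example, not part of the original plugin page: it binds the check goal from the table above to the build and uses the plugin's failBuildOnCVSS parameter to fail the build on findings. The threshold of 7 and the execution id are assumed values chosen for illustration.

```xml
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- Version as shown on this page; pin it so scan results are reproducible -->
      <version>6.1.5</version>
      <configuration>
        <!-- Assumed threshold: fail the build when any dependency has a
             known vulnerability with a CVSS score of 7 or higher -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
      </configuration>
      <executions>
        <execution>
          <!-- Hypothetical id, used only to name this execution -->
          <id>scan-dependencies</id>
          <goals>
            <!-- Single-module scan; use aggregate in a parent POM to
                 cover all child modules in one report -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Without an explicit phase the goal runs in its default phase, so mvn verify is enough to trigger the scan in CI.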