Fork me on GitHub

Plugin Documentation

This report describes goals, parameters details, requirements and sample usage of this plugin.

Goals

Goals available for this plugin:

Goal Report? Description
dependency-check:aggregate Yes Maven Plugin that checks project dependencies and the dependencies of all child modules to see if they have any known published vulnerabilities.
dependency-check:check Yes Maven Plugin that checks the project dependencies to see if they have any known published vulnerabilities.
dependency-check:help No Display help information on dependency-check-maven.
Call mvn dependency-check:help -Ddetail=true -Dgoal=<goal-name> to display parameter details.
dependency-check:purge Yes Maven Plugin that purges the local copy of the NVD data.
dependency-check:update-only Yes Maven Plugin that updates the local cache of the NVD data from NIST.

System Requirements

The following specifies the minimum requirements to run this Maven plugin:

Maven 3.6.3
JDK 11

System Requirements History

The following specifies the minimum requirements to run this Maven plugin for historical versions:

Plugin Version Maven JDK
from 11.0.0 to 11.1.0 3.6.3 11
from 5.1.0 to 10.0.4 3.1.0 8
from 4.0.0 to 5.0.0 ${maven.api.version>} 8
from 3.3.0 to 3.3.4 ${maven.api.version>} 7
from 2.0.0 to 3.2.1 3.0 7
from 1.4.4 to 1.4.5 3.1 6
from 1.2.9 to 1.4.3 - 6
from 1.0.0 to 1.2.8 3.0 6

Usage

You should specify the version in your project's plugin configuration:

<project>
  ...
  <build>
    <!-- To define the plugin version in your parent POM -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.owasp</groupId>
          <artifactId>dependency-check-maven</artifactId>
          <version>11.1.0</version>
        </plugin>
        ...
      </plugins>
    </pluginManagement>
    <!-- To use the plugin goals in your POM or parent POM -->
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
      </plugin>
      ...
    </plugins>
  </build>
  ...
  <!-- To use the report goals in your POM or parent POM -->
  <reporting>
    <plugins>
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>11.1.0</version>
      </plugin>
      ...
    </plugins>
  </reporting>
  ...
</project>

For more information, see "Guide to Configuring Plug-ins"