
chore(docs): Document Gradle plugin support for failBuildOnUnusedSuppressionRule (#7307)

jeremylong authored Jan 15, 2025
2 parents 92d25e0 + 7286a4b commit 0ec89c5
Showing 3 changed files with 25 additions and 24 deletions.
2 changes: 1 addition & 1 deletion ant/src/site/markdown/configuration.md
@@ -56,8 +56,8 @@ The following properties can be set on the dependency-check task.
enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false
enableRetired | Enable the [retired analyzers](../analyzers/index.html). If not enabled the retired analyzers (see below) will not be loaded or used. | false
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). The parameter value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) |  
junitFailOnCVSS | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. | 0
failBuildOnUnusedSuppressionRule | Specifies that if any unused suppression rule is found, the build will fail. | false
junitFailOnCVSS | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. | 0

The following nested elements can be set on the dependency-check task.

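Review bot: the only change in this hunk is row order, junitFailOnCVSS moves below failBuildOnUnusedSuppressionRule so the two suppression-related rows sit together, which is fine but is not what the commit message describes (it only promises Gradle documentation); a short mention of the Ant and Maven reordering in the message would save the next reader from hunting for a content change here. While the row is being touched, the description `Specifies that if any unused suppression rule is found, the build will fail.` could say what counts as unused (a rule in the configured suppressionFile that matched nothing during the scan), since that is the first question a user has when this flag starts failing their build.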
2 changes: 1 addition & 1 deletion maven/src/site/markdown/configuration.md
@@ -36,11 +36,11 @@ skipTestScope | Skip analysis for artifacts with Test Scope.
skipDependencyManagement | Skip analysis for dependencyManagement sections. | true
skipArtifactType | A regular expression used to filter/skip artifact types. This filters on the `type` of dependency as defined in the dependency section: jar, pom, test-jar, etc. |  
suppressionFiles | The file paths to the XML suppression files \- used to suppress [false positives](../general/suppression.html). The configuration value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) |  
failBuildOnUnusedSuppressionRule | Specifies that if any unused suppression rule is found, the build will fail. | false
hintsFile | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html). |  
enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false
enableRetired | Enable the [retired analyzers](../analyzers/index.html). If not enabled the retired analyzers (see below) will not be loaded or used. | false
versionCheckEnabled | Whether dependency-check should check if a new version of dependency-check-maven exists. | true
failBuildOnUnusedSuppressionRule | Specifies that if any unused suppression rule is found, the build will fail. | false

Analyzer Configuration
====================
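Review bot: same reordering as the Ant page, the failBuildOnUnusedSuppressionRule row moves from the end of the table to directly under suppressionFiles with no change to its text, so this hunk is cosmetic. Keep the description identical across the three plugin pages as it is now, and consider adding the same one-clause definition of an unused rule (one that suppressed nothing in the current scan) so a reader of the Maven page learns that a failure here means stale entries in suppressionFiles, not a broken configuration.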
45 changes: 23 additions & 22 deletions src/site/markdown/dependency-check-gradle/configuration.md
@@ -25,28 +25,29 @@ apply plugin: 'org.owasp.dependencycheck'
check.dependsOn dependencyCheckAnalyze
```

Property | Description | Default Value
---------------------|----------------------------------------------------------------------------------------------------------------------|------------------
autoUpdate | Sets whether auto-updating of the NVD API CVE data is enabled. It is not recommended that this be turned to false. | true
analyzedTypes | The default artifact types that will be analyzed. | ['jar', 'aar', 'js', 'war', 'ear', 'zip']
format | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). | HTML
formats | A list of report formats to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). |  
junitFailOnCVSS | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. | 0
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. More information on CVSS scores can be found at the [NVD](https://nvd.nist.gov/vuln-metrics/cvss) | 11
failOnError | Fails the build if an error occurs during the dependency-check analysis. | true
outputDirectory | The location to write the report(s). This directory will be located in the build directory. | ${buildDir}/reports
skipTestGroups | When set to true (the default) all dependency groups that being with 'test' will be skipped. | true
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). The configured value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) |  
suppressionFiles | A list of file paths to the XML suppression files \- used to suppress [false positives](../general/suppression.html). The configured values can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) |  
hintsFile | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html) |  
skip | If set to true dependency-check analysis will be skipped. | false
skipConfigurations | A list of configurations that will be skipped. This is mutually exclusive with the scanConfigurations property. | `[]` which means no configuration is skipped.
scanConfigurations | A list of configurations that will be scanned, all other configurations are skipped. This is mutually exclusive with the skipConfigurations property. | `[]` which implicitly means all configurations get scanned.
scanProjects | A list of projects that will be scanned, all other projects are skipped. The list or projects to skip must include a preceding colon: `scanProjects = [':app']`. This is mutually exclusive with the `skipProjects` property. | `[]` which implicitly means all projects get scanned.
skipProjects | A list of projects that will be skipped. The list or projects to skip must include a preceding colon: `skipProjects = [':sub1']`. This is mutually exclusive with the `scanProjects` property. | `[]` which means no projects are skipped.
scanBuildEnv | A boolean indicating whether to scan the `buildEnv`. | false
scanDependencies | A boolean indicating whether to scan the `dependencies`. | true
scanSet | A list of directories that will be scanned for additional dependencies. | ['src/main/resources','src/main/webapp']
Property | Description | Default Value
---------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------
autoUpdate | Sets whether auto-updating of the NVD API CVE data is enabled. It is not recommended that this be turned to false. | true
analyzedTypes | The default artifact types that will be analyzed. | ['jar', 'aar', 'js', 'war', 'ear', 'zip']
format | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). | HTML
formats | A list of report formats to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). |  
junitFailOnCVSS | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. | 0
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified. The default is 11; since the CVSS scores are 0-10, by default the build will never fail. More information on CVSS scores can be found at the [NVD](https://nvd.nist.gov/vuln-metrics/cvss) | 11
failOnError | Fails the build if an error occurs during the dependency-check analysis. | true
outputDirectory | The location to write the report(s). This directory will be located in the build directory. | ${buildDir}/reports
skipTestGroups | When set to true (the default) all dependency groups that being with 'test' will be skipped. | true
suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). The configured value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) |  
suppressionFiles | A list of file paths to the XML suppression files \- used to suppress [false positives](../general/suppression.html). The configured values can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) |  
failBuildOnUnusedSuppressionRule | Specifies that if any unused suppression rule is found, the build will fail. | false
hintsFile | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html) |  
skip | If set to true dependency-check analysis will be skipped. | false
skipConfigurations | A list of configurations that will be skipped. This is mutually exclusive with the scanConfigurations property. | `[]` which means no configuration is skipped.
scanConfigurations | A list of configurations that will be scanned, all other configurations are skipped. This is mutually exclusive with the skipConfigurations property. | `[]` which implicitly means all configurations get scanned.
scanProjects | A list of projects that will be scanned, all other projects are skipped. The list or projects to skip must include a preceding colon: `scanProjects = [':app']`. This is mutually exclusive with the `skipProjects` property. | `[]` which implicitly means all projects get scanned.
skipProjects | A list of projects that will be skipped. The list or projects to skip must include a preceding colon: `skipProjects = [':sub1']`. This is mutually exclusive with the `scanProjects` property. | `[]` which means no projects are skipped.
scanBuildEnv | A boolean indicating whether to scan the `buildEnv`. | false
scanDependencies | A boolean indicating whether to scan the `dependencies`. | true
scanSet | A list of directories that will be scanned for additional dependencies. | ['src/main/resources','src/main/webapp']

#### Example
```groovy
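Review bot: the substantive change is the single added row `failBuildOnUnusedSuppressionRule | Specifies that if any unused suppression rule is found, the build will fail. | false`, but the hunk replaces all 22 existing rows to widen the first column, so the addition is invisible in a line-level diff and `git blame` on every row will now point at this docs commit; a whitespace-only reformat belongs in its own commit, or at least deserves a note in the message. Since every row is rewritten anyway, fix the typos carried over from the old table: `skipTestGroups` reads "dependency groups that being with 'test'" (should be "begin with"), and both `scanProjects` and `skipProjects` read "The list or projects to skip" (should be "The list of projects", and for `scanProjects` it is the list to scan, not to skip). The new row sits directly under suppressionFiles, matching the Ant and Maven pages, which is the right placement.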