• Home
• org.owasp
• dependency-check-core
• 10.0.1
• source code

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

endency-check-core.10.0.1.source-code.dependencycheck.properties Maven / Gradle / Ivy

odc.application.name=${pom.name}
odc.application.version=${pom.version}
odc.autoupdate=true

# the url to obtain the current engine version from
engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt

#temp.directory defaults to System.getProperty("java.io.tmpdir")
#temp.directory=[path to temp directory]

# the path to the data directory; the [JAR] signifies to use the relative path
# to the dependency-check-core JAR file. This path is only used to construct
# the connection string for the H2 driver (or other drivers that require a file path
# to be supplied. If you are using another database (MySQL, Oracle, etc.) this property
# will not be used. The data.directory will be resolved and if the connection string
# below contains a %s then the data.directory will replace the %s.
data.directory=[JAR]/data/9.0
#if the filename has a %s it will be replaced with the current expected version
data.file_name=odc.mv.db

### if you increment the DB version then you must increment the database file path
### in the mojo.properties, task.properties (maven and ant respectively), and
### the gradle PurgeDataExtension.
data.version=5.5

#The analysis timeout in minutes
odc.analysis.timeout=180

# define which settings are masked when logged
odc.settings.mask=.*password.*,.*token.*,.*api.key.*

data.connection_string=jdbc:h2:file:%s;AUTOCOMMIT=ON;CACHE_SIZE=65536;RETENTION_TIME=1000;MAX_COMPACT_TIME=10000;
#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck

# user name and password for the database connection. The inherent case is to use H2.
# As such, this unsecure username/password exist.
data.user=dcuser
data.password=DC-Pass1337!
# The following are only used if the DB Driver is not JDBC4 compliant and/or the driver
# is not in the current classpath. Setting these properties will add the give path(s) to
# the class loader and then register the driver with the DriverManager. If the class is
# not in the path you must specify both the driver name (aka the fully qualified driver name)
# and the driver path. The driver path can be a semi-colon separated list of files/directories
# to ensure any and all needed files can be added to the classpath to load the driver.
# For non-JDBC4 drivers in the classpath only the driver_name needs to be set.
# For MOST situations these properties likely do not need to be set.
data.driver_name=org.h2.Driver
#data.driver_path=

# the class name of the write lock shutdown hook
data.writelock.shutdownhook=org.owasp.dependencycheck.utils.WriteLockCleanupHook

proxy.disableSchemas=true

nvd.api.check.validforhours=4
nvd.api.datafeed.validfordays=7
nvd.api.max.retry.count=10
nvd.api.delay=0
#nvd.api.datafeed.url=https://example.com/nvd-cache/
#nvd.api.datafeed.user=
#nvd.api.datafeed.password=

cve.cpe.startswith.filter=cpe:2.3:a:
max.download.threads=1

#Known Exploited Vulnerabilities
kev.url=https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
kev.check.validforhours=24

cpe.validfordays=30
cpe.url=https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz

# the URL for searching Nexus for SHA-1 hashes
analyzer.nexus.url=https://repository.sonatype.org/service/local/

# the URL for searching search.maven.org for SHA-1
analyzer.central.url=https://search.maven.org/solrsearch/select
# Note - the central query is used in a String.format(query, url, sha1)).analyzer.jar.enabled
# As such, it must have two %s and any other % must be escapped by doubling it
analyzer.central.query=%s?q=1:%s&wt=xml
analyzer.central.retry.count=7
analyzer.central.parallel.analysis=false
analyzer.central.use.cache=true
central.content.url=https://search.maven.org/remotecontent?filepath=

analyzer.ossindex.enabled=true
analyzer.ossindex.url=https://ossindex.sonatype.org
analyzer.ossindex.use.cache=true

# the URL for searching NPM Audit API
analyzer.node.audit.url=https://registry.npmjs.org/-/npm/v1/security/audits
analyzer.node.audit.use.cache=true

# the number of nested archives that will be searched.
archive.scan.depth=3

# use HEAD (default) or GET as HTTP request method for query timestamp
downloader.quick.query.timestamp=true
downloader.tls.protocols=TLSv1.1,TLSv1.2,TLSv1.3

junit.fail.on.cvss=0

# defines if the experimental and retired analyzers can be enabled
analyzer.experimental.enabled=false
analyzer.retired.enabled=false

analyzer.jar.enabled=true
analyzer.knownexploited.enabled=true
analyzer.archive.enabled=true
analyzer.cpanfile.enabled=true
analyzer.node.package.enabled=true
analyzer.node.audit.enabled=true
analyzer.yarn.audit.enabled=true
analyzer.pnpm.audit.enabled=true
analyzer.golang.dep.enabled=true
analyzer.retirejs.enabled=true
analyzer.retirejs.repo.validforhours=24
analyzer.retirejs.repo.js.url=https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
analyzer.retirejs.filternonvulnerable=false
analyzer.golang.mod.enabled=true
analyzer.mix.audit.enabled=true
analyzer.composer.lock.enabled=true
analyzer.python.distribution.enabled=true
analyzer.python.package.enabled=true
analyzer.ruby.gemspec.enabled=true
analyzer.bundle.audit.enabled=true
analyzer.autoconf.enabled=true
analyzer.maveninstall.enabled=true
analyzer.pip.enabled=true
analyzer.pipfile.enabled=true
analyzer.poetry.enabled=true
analyzer.cmake.enabled=true
analyzer.assembly.enabled=true
analyzer.nuspec.enabled=true
analyzer.nugetconf.enabled=true
analyzer.msbuildproject.enabled=true
analyzer.openssl.enabled=true
analyzer.central.enabled=true
analyzer.nexus.enabled=false
analyzer.cocoapods.enabled=true
analyzer.carthage.enabled=true
analyzer.swift.package.manager.enabled=true
analyzer.swift.package.resolved.enabled=true
#whether the nexus analyzer uses the proxy
analyzer.nexus.proxy=true
analyzer.cpe.enabled=true
analyzer.npm.cpe.enabled=true
analyzer.cpesuppression.enabled=true
analyzer.dependencybundling.enabled=true
analyzer.dependencymerging.enabled=true
analyzer.falsepositive.enabled=true
analyzer.filename.enabled=true
analyzer.pe.enabled=true
analyzer.hint.enabled=true
analyzer.nvdcve.enabled=true
analyzer.vulnerabilitysuppression.enabled=true
analyzer.dart.enabled=true
updater.nvdcve.enabled=true
updater.versioncheck.enabled=true
analyzer.versionfilter.enabled=true
ecosystem.skip.cpeanalyzer=npm
database.batchinsert.enabled=true
database.batchinsert.maxsize=1000
analyzer.artifactory.enabled=false
analyzer.libman.enabled=true
odc.reports.pretty.print=false

hosted.suppressions.enabled=true
hosted.suppressions.url=https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml
hosted.suppressions.validforhours=2

## The following controls the max query limit used in the CPE searches for each ecosystem
odc.ecosystem.maxquerylimit.native=1000
odc.ecosystem.maxquerylimit.default=100