• Home
• org.owasp
• dependency-check-core
• 5.0.0-M2
• source code

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

endency-check-core.5.0.0-M2.source-code.dependencycheck.properties Maven / Gradle / Ivy

application.name=${pom.name}
application.version=${pom.version}
autoupdate=true

# the url to obtain the current engine version from
engine.version.url=https://jeremylong.github.io/DependencyCheck/current.txt

#temp.directory defaults to System.getProperty("java.io.tmpdir")
#temp.directory=[path to temp directory]

# the path to the data directory; the [JAR] signifies to use the relative path
# to the dependency-check-core JAR file. This path is only used to construct
# the connection string for the H2 driver (or other drivers that require a file path
# to be supplied. If you are using another database (MySQL, Oracle, etc.) this property
# will not be used. The data.directory will be resolved and if the connection string
# below contains a %s then the data.directory will replace the %s.
data.directory=[JAR]/data
#if the filename has a %s it will be replaced with the current expected version
data.file_name=odc.mv.db

### if you increment the DB version then you must increment the database file path
### in the mojo.properties, task.properties (maven and ant respectively), and
### the gradle PurgeDataExtension.
data.version=4.1

#The analysis timeout in minutes
odc.analysis.timeout=20

data.connection_string=jdbc:h2:file:%s;AUTOCOMMIT=ON;LOG=0;CACHE_SIZE=65536;
#data.connection_string=jdbc:mysql://localhost:3306/dependencycheck

# user name and password for the database connection. The inherent case is to use H2.
# As such, this unsecure username/password exist.
data.user=dcuser
data.password=DC-Pass1337!
# The following are only used if the DB Driver is not JDBC4 compliant and/or the driver
# is not in the current classpath. Setting these properties will add the give path(s) to
# the class loader and then register the driver with the DriverManager. If the class is
# not in the path you must specify both the driver name (aka the fully qualified driver name)
# and the driver path. The driver path can be a semi-colon separated list of files/directories
# to ensure any and all needed files can be added to the classpath to load the driver.
# For non-JDBC4 drivers in the classpath only the driver_name needs to be set.
# For MOST situations these properties likely do not need to be set.
data.driver_name=org.h2.Driver
data.driver_path=

# the class name of the H2 database shutdown hook
data.h2.shutdownhook=org.owasp.dependencycheck.utils.H2DBCleanupHook

proxy.disableSchemas=true
# the number of days that the modified nvd cve data holds data for. We don't need
# to update the other files if we are within this timespan. Per NIST this file
# holds 8 days of updates, we are using 7 just to be safe.
cve.url.modified.validfordays=7
# the number of hours to wait before checking if updates are available from the NVD.
cve.check.validforhours=4
#first year to pull data from the URLs below
cve.startyear=2002
#the original URL and modified URL should be the same; this is used to detect if we are using an internal NVD CVE copy
cve.url.original=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.json.gz
cve.url.modified=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.json.gz
cve.url.base=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-%d.json.gz
cve.cpe.startswith.filter=cpe:2.3:a:


# the path to the modified nvd cve xml file.
cve.url-1.2.modified=https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-modified.xml.gz
#cve.url-1.2.modified=http://nvd.nist.gov/download/nvdcve-modified.xml
#the original URL and modified URL should be the same; this is used to detect if we are using an internal NVD CVE copy
cve.url-2.0.original=https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz
cve.url-2.0.modified=https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-Modified.xml.gz
#cve.url-2.0.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml
cve.url-1.2.base=https://nvd.nist.gov/feeds/xml/cve/1.2/nvdcve-%d.xml.gz
#cve.url-1.2.base=http://nvd.nist.gov/download/nvdcve-%d.xml
cve.url-2.0.base=https://nvd.nist.gov/feeds/xml/cve/2.0/nvdcve-2.0-%d.xml.gz
#cve.url-2.0.base=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml

cpe.validfordays=30
cpe.url=https://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz

# the URL for searching Nexus for SHA-1 hashes and whether it's enabled
analyzer.nexus.enabled=true
analyzer.nexus.url=https://repository.sonatype.org/service/local/
# If set to true, the proxy will still ONLY be used if the proxy properties (proxy.url, proxy.port)
# are configured
analyzer.nexus.proxy=true

# the URL for searching search.maven.org for SHA-1 and whether it's enabled
analyzer.central.enabled=true
analyzer.central.url=https://search.maven.org/solrsearch/select
# Note - the central query is used in a String.format(query, url, sha1)).
# As such, it must have two %s and any other % must be escapped by doubling it
analyzer.central.query=%s?q=1:%s&wt=xml
analyzer.central.retry.count=7
analyzer.central.parallel.analysis=true

# the URL for searching NPM Audit API
analyzer.node.audit.url=https://registry.npmjs.org/-/npm/v1/security/audits

# the number of nested archives that will be searched.
archive.scan.depth=3

# use HEAD (default) or GET as HTTP request method for query timestamp
downloader.quick.query.timestamp=true
downloader.tls.protocols=TLSv1.1,TLSv1.2,TLSv1.3

# the minimum score for documents from a lucene search
dependency.check.lucene.min.score=30

# defines if the experimental and retired analyzers can be enabled
analyzer.experimental.enabled=false
analyzer.retired.enabled=false

analyzer.jar.enabled=true
analyzer.archive.enabled=true
analyzer.node.package.enabled=true
analyzer.node.audit.enabled=true
analyzer.retirejs.enabled=true
analyzer.retirejs.repo.validforhours=24
analyzer.retirejs.repo.js.url=https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
analyzer.composer.lock.enabled=true
analyzer.python.distribution.enabled=true
analyzer.python.package.enabled=true
analyzer.ruby.gemspec.enabled=true
analyzer.bundle.audit.enabled=true
analyzer.autoconf.enabled=true
analyzer.cmake.enabled=true
analyzer.assembly.enabled=true
analyzer.nuspec.enabled=true
analyzer.nugetconf.enabled=true
analyzer.msbuildproject.enabled=true
analyzer.openssl.enabled=true
analyzer.central.enabled=true
analyzer.nexus.enabled=false
analyzer.cocoapods.enabled=true
analyzer.swift.package.manager.enabled=true
#whether the nexus analyzer uses the proxy
analyzer.nexus.proxy=true
analyzer.cpe.enabled=true
analyzer.cpesuppression.enabled=true
analyzer.dependencybundling.enabled=true
analyzer.dependencymerging.enabled=true
analyzer.falsepositive.enabled=true
analyzer.filename.enabled=true
analyzer.hint.enabled=true
analyzer.nvdcve.enabled=true
analyzer.vulnerabilitysuppression.enabled=true
updater.nvdcve.enabled=true
updater.versioncheck.enabled=true
analyzer.versionfilter.enabled=true
ecosystem.skip.cpeanalyzer=npm
database.batchinsert.enabled=true
database.batchinsert.maxsize=1000