Merge pull request #5180 from jeremylong/matzi/main
fix: Make OSS Index URL configurable via CLI
aikebah committed Dec 24, 2022
2 parents 8b8bc8d + 39ecfe8 commit a4d8c99
Showing 3 changed files with 12 additions and 3 deletions.
2 changes: 2 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/App.java
Expand Up @@ -580,6 +580,8 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
cli.hasOption(CliParser.ARGUMENT.DISABLE_NODE_AUDIT_SKIPDEV));
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED,
cli.hasOption(CliParser.ARGUMENT.ENABLE_NEXUS));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL,
cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_URL));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER,
cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_USERNAME));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD,
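Review bot: The value of `--ossIndexUrl` is copied into `Settings.KEYS.ANALYZER_OSSINDEX_URL` with no check on its form, in the two added lines of `populateSettings`. The same block also sets the OSS Index username and password, so presumably those credentials are sent to whatever host this URL names; a typo or a plain `http://` value would then expose them, and a malformed URL would only fail later inside the analyzer. Consider parsing the argument here and rejecting or warning on anything that is not an absolute `https` URL, e.g. `if (url != null && !"https".equalsIgnoreCase(URI.create(url).getScheme())) { /* warn or throw InvalidSettingException */ }`. `populateSettings` starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.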
6 changes: 6 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
Expand Up @@ -389,6 +389,8 @@ private void addAdvancedOptions(final Options options) {
.addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY, "path",
"The path to working directory that the bundle-audit command should be executed from when "
+ "doing Gem bundle analysis."))
.addOption(newOptionWithArg(ARGUMENT.OSSINDEX_URL, "url",
"Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used."))
.addOption(newOptionWithArg(ARGUMENT.OSSINDEX_USERNAME, "username",
"The username to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS Index "
+ "Analyzer will use an unauthenticated connection."))
Expand Down Expand Up @@ -1305,6 +1307,10 @@ public static class ARGUMENT {
* locally.
*/
public static final String DISABLE_OSSINDEX_CACHE = "disableOssIndexCache";
/**
* The alternative URL for the Sonatype OSS Index.
*/
public static final String OSSINDEX_URL = "ossIndexUrl";
/**
* The username for the Sonatype OSS Index.
*/
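Review bot: The help text for `ARGUMENT.OSSINDEX_URL` in `addAdvancedOptions` does not say that the configured `ossIndexUsername`/`ossIndexPassword` are used against the alternative URL, which is what someone pointing the tool at a mirror or proxy needs to know. Assuming the analyzer authenticates against whichever URL is configured (not visible here), I would extend the description to something like `"Alternative URL for the OSS Index (should be https; the OSS Index username and password, if set, are sent to this server). If not set the public Sonatype OSS Index will be used."`. The Javadoc on the new constant in the second hunk could carry the same sentence. Both `addAdvancedOptions` and the `ARGUMENT` class continue outside the hunks.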
7 changes: 4 additions & 3 deletions cli/src/site/markdown/arguments.md
Expand Up @@ -58,8 +58,8 @@ Advanced Options
| | \-\-disableRubygems | | Sets whether the [experimental](../analyzers/index.html) Ruby Gemspec Analyzer will be used. |   |
| | \-\-disableBundleAudit | | Sets whether the [experimental](../analyzers/index.html) Ruby Bundler Audit Analyzer will be used. |   |
| | \-\-disableCocoapodsAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer will be used. |   |
| | \-\-disableSwiftPackageManagerAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Swift Package Manager Analyzer will be used. |   |
| | \-\-disableSwiftPackageResolvedAnalyzer| | Sets whether the [experimental](../analyzers/index.html) Swift Package Resolved Analyzer will be used. |   |
| | \-\-disableSwiftPackageManagerAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Swift Package Manager Analyzer will be used. |   |
| | \-\-disableSwiftPackageResolvedAnalyzer| | Sets whether the [experimental](../analyzers/index.html) Swift Package Resolved Analyzer will be used. |   |
| | \-\-disableAutoconf | | Sets whether the [experimental](../analyzers/index.html) Autoconf Analyzer will be used. |   |
| | \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. |   |
| | \-\-disableCmake | | Sets whether the [experimental](../analyzers/index.html) Cmake Analyzer will be disabled. |   |
Expand All @@ -73,7 +73,8 @@ Advanced Options
| | \-\-disableOssIndexCache | | When the argument is present the OSS Index Analyzer will not cache results. By default results are cached for 24 hours. |   |
| | \-\-ossIndexUsername | \<username\> | The optional username to connect to Sonatype's OSS Index. | &nbsp; |
| | \-\-ossIndexPassword | \<password\> | The optional password to connect to Sonatype's OSS Index. | &nbsp; |
| | \-\-ossIndexRemoteErrorWarnOnly | | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | &nbsp; |
| | \-\-ossIndexRemoteErrorWarnOnly | | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | &nbsp; |
| | \-\-ossIndexUrl | \<url\> | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
| | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. | &nbsp; |
| | \-\-disableCentralCache | | When the argument is present the Central Analyzer will not cache results locally. By default results are cached locally for 30 days. | &nbsp; |
| | \-\-enableNexus | | Sets whether the Nexus Analyzer will be used (requires Nexus v2 or Pro v3). You can configure the Nexus URL to utilize an internally hosted Nexus server. | &nbsp; |
