Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Make OSS Index URL configurable via CLI #5180

Merged
merged 2 commits into from Dec 24, 2022
Merged

fix: Make OSS Index URL configurable via CLI #5180

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8771373
Make OSS Index URL configurable via CLI #5036
Dec 22, 2022
39ecfe8
fix(doc): add documenttion
jeremylong Dec 24, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/App.java
View file
Open in desktop
Expand Up @@ -580,6 +580,8 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
cli.hasOption(CliParser.ARGUMENT.DISABLE_NODE_AUDIT_SKIPDEV));
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED,
cli.hasOption(CliParser.ARGUMENT.ENABLE_NEXUS));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL,
cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_URL));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER,
cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_USERNAME));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_PASSWORD,
Expand Down
6 changes: 6 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
View file
Open in desktop
Expand Up @@ -389,6 +389,8 @@ private void addAdvancedOptions(final Options options) {
.addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY, "path",
"The path to working directory that the bundle-audit command should be executed from when "
+ "doing Gem bundle analysis."))
.addOption(newOptionWithArg(ARGUMENT.OSSINDEX_URL, "url",
"Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used."))
.addOption(newOptionWithArg(ARGUMENT.OSSINDEX_USERNAME, "username",
"The username to authenticate to Sonatype's OSS Index. If not set the Sonatype OSS Index "
+ "Analyzer will use an unauthenticated connection."))
Expand Down Expand Up @@ -1304,6 +1306,10 @@ public static class ARGUMENT {
* locally.
*/
public static final String DISABLE_OSSINDEX_CACHE = "disableOssIndexCache";
/**
* The alternative URL for the Sonatype OSS Index.
*/
public static final String OSSINDEX_URL = "ossIndexUrl";
/**
* The username for the Sonatype OSS Index.
*/
Expand Down
7 changes: 4 additions & 3 deletions cli/src/site/markdown/arguments.md
View file
Open in desktop
Expand Up @@ -58,8 +58,8 @@ Advanced Options
| | \-\-disableRubygems | | Sets whether the [experimental](../analyzers/index.html) Ruby Gemspec Analyzer will be used. |   |
| | \-\-disableBundleAudit | | Sets whether the [experimental](../analyzers/index.html) Ruby Bundler Audit Analyzer will be used. |   |
| | \-\-disableCocoapodsAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Cocoapods Analyzer will be used. |   |
| | \-\-disableSwiftPackageManagerAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Swift Package Manager Analyzer will be used. |   |
| | \-\-disableSwiftPackageResolvedAnalyzer| | Sets whether the [experimental](../analyzers/index.html) Swift Package Resolved Analyzer will be used. |   |
| | \-\-disableSwiftPackageManagerAnalyzer | | Sets whether the [experimental](../analyzers/index.html) Swift Package Manager Analyzer will be used. |   |
| | \-\-disableSwiftPackageResolvedAnalyzer| | Sets whether the [experimental](../analyzers/index.html) Swift Package Resolved Analyzer will be used. |   |
| | \-\-disableAutoconf | | Sets whether the [experimental](../analyzers/index.html) Autoconf Analyzer will be used. |   |
| | \-\-disableOpenSSL | | Sets whether the OpenSSL Analyzer will be used. |   |
| | \-\-disableCmake | | Sets whether the [experimental](../analyzers/index.html) Cmake Analyzer will be disabled. |   |
Expand All @@ -73,7 +73,8 @@ Advanced Options
| | \-\-disableOssIndexCache | | When the argument is present the OSS Index Analyzer will not cache results. By default results are cached for 24 hours. |   |
| | \-\-ossIndexUsername | \<username\> | The optional username to connect to Sonatype's OSS Index. | &nbsp; |
| | \-\-ossIndexPassword | \<password\> | The optional password to connect to Sonatype's OSS Index. | &nbsp; |
| | \-\-ossIndexRemoteErrorWarnOnly | | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | &nbsp; |
| | \-\-ossIndexRemoteErrorWarnOnly | | Whether we should only warn about Sonatype OSS Index remote errors instead of failing completely. | &nbsp; |
| | \-\-ossIndexUrl | \<url\> | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
| | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. | &nbsp; |
| | \-\-disableCentralCache | | When the argument is present the Central Analyzer will not cache results locally. By default results are cached locally for 30 days. | &nbsp; |
| | \-\-enableNexus | | Sets whether the Nexus Analyzer will be used (requires Nexus v2 or Pro v3). You can configure the Nexus URL to utilize an internally hosted Nexus server. | &nbsp; |
Expand Down