This content is part of a third party extension that is not supported by the Cake project.
For more information about this extension see Cake.DependencyCheck.
Summary
Required:
- Project
- Scan
- Assembly
- Cake
.DependencyCheck .dll - Namespace
- Cake
.DependencyCheck - Base Types
-
- ToolSettings
graph BT
Type-->Base0["ToolSettings"]
Type["DependencyCheckSettings"]
class Type type-node
Syntax
public class DependencyCheckSettings : ToolSettings
Constructors
Name | Summary |
---|---|
Dependency |
Default constructor |
Dependency |
Parameterized constructor |
Properties
Name | Value | Summary |
---|---|---|
AdvancedHelp | bool |
Print the advanced help message.
|
BundleAudit | string |
The path to the bundle-audit executable.
|
ConnectionString | string |
The connection string to the database.
|
ConnectionTimeout | string |
The connection timeout (in milliseconds) to use when downloading resources.
|
CveUrl12Base | string |
Base URL for each year’s CVE 1.2, the %d will be replaced with the year
|
CveUrl12Modified | string |
URL for the modified CVE 1.2
|
CveUrl20Base | string |
Base URL for each year’s CVE 2.0, the %d will be replaced with the year
|
CveUrl20Modified | string |
URL for the modified CVE 2.0
|
CveValidForHours | string |
The number of hours to wait before checking for new updates from the NVD. The default is 4 hours.
|
Data | string |
The location of the data directory used to store persistent data. This option should generally not be set.
|
DatabaseDriverName | string |
The database driver name.
|
DatabaseDriverPath | string |
The path to the database driver; note, this does not need to be set unless the JAR is outside of the class path.
|
DatabasePassword | string |
The password for connecting to the database.
|
DatabaseUser | string |
The username used to connect to the database.
|
DisableArchive | bool |
Sets whether the Archive Analyzer will be disabled.
|
DisableAssembly | bool |
Sets whether or not the .NET Assembly Analyzer should be used.
|
DisableAutoconf | bool |
Sets whether the experimental Autoconf Analyzer will be used.
|
DisableBundleAudit | bool |
Sets whether the experimental Ruby Bundler Audit Analyzer will be used.
|
DisableCentral | bool |
Sets whether the Central Analyzer will be used. Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly). If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer.
|
DisableCmake | bool |
Sets whether the experimental Cmake Analyzer will be disabled.
|
Disable |
bool |
Sets whether the experimental Cocoapods Analyzer will be used.
|
DisableComposer | bool |
Sets whether the experimental PHP Composer Lock File Analyzer will be disabled.
|
DisableJar | bool |
Sets whether the Jar Analyzer will be disabled.
|
DisableNexus | bool |
Sets whether the Nexus Analyzer will be used (requires Nexus Pro). Note, this has been superceded by the Central Analyzer. However, you can configure the Nexus URL to utilize an internally hosted Nexus Pro server.
|
DisableNodeJS | bool |
Sets whether the retired Node.js Package Analyzer will be used.
|
DisableNSP | bool |
Sets whether the NSP Analyzer will be used.
|
DisableNuspec | bool |
Sets whether or not the .NET Nuget Nuspec Analyzer will be used.
|
DisableOpenSSL | bool |
Sets whether the OpenSSL Analyzer will be used.
|
DisablePyDist | bool |
Sets whether the experimental Python Distribution Analyzer will be used.
|
DisablePyPkg | bool |
Sets whether the experimental Python Package Analyzer will be used.
|
DisableRubygems | bool |
Sets whether the experimental Ruby Gemspec Analyzer will be used.
|
Disable |
bool |
Sets whether the experimental Swift Package Manager Analyzer will be used.
|
EnableExperimental | bool |
Enable the experimental analyzers. If not set the analyzers marked as experimental below will not be loaded or used.
|
EnableRetired | bool |
Enable the retired analyzers. If not set the analyzers marked as retired below will not be loaded or used.
|
Exclude | string |
The path patterns to exclude from the scan - this option can be specified multiple times. This accepts Ant style path patterns (e.g. /exclude/).
|
FailOnCVSS | string |
If the score set between 0 and 10 the exit code from dependency-check will indicate if a vulnerability with a CVSS score equal to or higher was identified.
|
Format | string |
The output format to write to (XML, HTML, CSV, JSON, VULN, ALL). The default is HTML.
|
Help | bool |
Print the help message.
|
Log | string |
The file path to write verbose logging information.
|
Mono | string |
The path to Mono for .NET Assembly analysis on non-windows systems.
|
Nexus | string |
The url to the Nexus Server’s web service end point (example: http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled.
|
NexusUsesProxy | string |
Whether or not the defined proxy should be used when connecting to Nexus.
|
Noupdate | bool |
Disables the automatic updating of the CPE data.
|
Out | string |
The folder to write reports to. This defaults to the current directory. If the format is not set to ALL one could specify a specific file name.
|
Project | string |
The name of the project being scanned.
|
Propertyfile | string |
Specifies a file that contains properties to use instead of applicaion defaults.
|
ProxyPassword | string |
The proxy password to use when downloading resources.
|
ProxyPort | string |
The proxy port to use when downloading resources.
|
ProxyServer | string |
The proxy server to use when downloading resources; see the proxy configuration page for more information.
|
ProxyUser | string |
The proxy username to use when downloading resources.
|
Purge | bool |
Delete the local copy of the NVD. This is used to force a refresh of the data.
|
Scan | string |
The path to scan - this option can be specified multiple times. It is also possible to specify Ant style paths (e.g. directory/*/.jar).
|
Suppression | string |
The file paths to the suppression XML files; used to suppress false positives. This can be specified more than once to utilize multiple suppression files.
|
SymLink | string |
The depth that symbolic links will be followed; the default is 0 meaning symbolic links will not be followed.
|
Updateonly | bool |
If set only the update phase of dependency-check will be executed; no scan will be executed and no report will be generated.
|
Version | bool |
Print the runner version information.
|
ZipExtensions | string |
A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed.
|
Extension Methods
Name | Value | Summary |
---|---|---|
Dump |
string |
Get a basic string representation of specified object.
From LoggingExtensions
Requires the Cake.Incubator addin
|
IsIn |
bool |
Checks if the source is contained in a list
From EnumerableExtensions
Requires the Cake.Incubator addin
|
NotNull |
void |
Throws an exception if the specified parameter's value is null.
From Extensions
Requires the Cake.Ftp addin
|
NotNull |
void |
Throws an exception if the specified parameter's value is null.
From IssuesArgumentChecks
Requires the Cake.Issues addin
|
ThrowIfNull |
T |
Throws a
System.ArgumentNullException with a specific message if the value is null, otherwise returns the value
From AssertExtensions
Requires the Cake.Incubator addin
|
ThrowIfNull |
T |
Throws a
System.ArgumentNullException if the value is null, otherwise returns the value
From AssertExtensions
Requires the Cake.Incubator addin
|
ToDictionary |
IDictionary |
From ObjectHelpers
Requires the Cake.DeployParams addin
|
To |
string |
Returns the string value or a
Not set > markup suitable for Spectre.Console.
From StringExtensions
Requires the Cake.Issues addin
|