DependencyCheckSettings Class

Summary

Required: - Project - Scan
Assembly
Cake.DependencyCheck.dll
Namespace
Cake.DependencyCheck
Base Types
  • ToolSettings
graph BT Type-->Base0["ToolSettings"] Type["DependencyCheckSettings"] class Type type-node

Syntax

public class DependencyCheckSettings : ToolSettings

Constructors

Name Summary
DependencyCheckSettings() Default constructor
DependencyCheckSettings(string, string) Parameterized constructor

Properties

Name Value Summary
AdvancedHelp bool
Print the advanced help message.
BundleAudit string
The path to the bundle-audit executable.
ConnectionString string
The connection string to the database.
ConnectionTimeout string
The connection timeout (in milliseconds) to use when downloading resources.
CveUrl12Base string
Base URL for each year’s CVE 1.2, the %d will be replaced with the year
CveUrl12Modified string
URL for the modified CVE 1.2
CveUrl20Base string
Base URL for each year’s CVE 2.0, the %d will be replaced with the year
CveUrl20Modified string
URL for the modified CVE 2.0
CveValidForHours string
The number of hours to wait before checking for new updates from the NVD. The default is 4 hours.
Data string
The location of the data directory used to store persistent data. This option should generally not be set.
DatabaseDriverName string
The database driver name.
DatabaseDriverPath string
The path to the database driver; note, this does not need to be set unless the JAR is outside of the class path.
DatabasePassword string
The password for connecting to the database.
DatabaseUser string
The username used to connect to the database.
DisableArchive bool
Sets whether the Archive Analyzer will be disabled.
DisableAssembly bool
Sets whether or not the .NET Assembly Analyzer should be used.
DisableAutoconf bool
Sets whether the experimental Autoconf Analyzer will be used.
DisableBundleAudit bool
Sets whether the experimental Ruby Bundler Audit Analyzer will be used.
DisableCentral bool
Sets whether the Central Analyzer will be used. Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly). If this analyzer is being disabled there is a good chance you also want to disable the Nexus Analyzer.
DisableCmake bool
Sets whether the experimental Cmake Analyzer will be disabled.
DisableCocoapodsAnalyzer bool
Sets whether the experimental Cocoapods Analyzer will be used.
DisableComposer bool
Sets whether the experimental PHP Composer Lock File Analyzer will be disabled.
DisableJar bool
Sets whether the Jar Analyzer will be disabled.
DisableNexus bool
Sets whether the Nexus Analyzer will be used (requires Nexus Pro). Note, this has been superceded by the Central Analyzer. However, you can configure the Nexus URL to utilize an internally hosted Nexus Pro server.
DisableNodeJS bool
Sets whether the retired Node.js Package Analyzer will be used.
DisableNSP bool
Sets whether the NSP Analyzer will be used.
DisableNuspec bool
Sets whether or not the .NET Nuget Nuspec Analyzer will be used.
DisableOpenSSL bool
Sets whether the OpenSSL Analyzer will be used.
DisablePyDist bool
Sets whether the experimental Python Distribution Analyzer will be used.
DisablePyPkg bool
Sets whether the experimental Python Package Analyzer will be used.
DisableRubygems bool
Sets whether the experimental Ruby Gemspec Analyzer will be used.
DisableSwiftPackageManagerAnalyzer bool
Sets whether the experimental Swift Package Manager Analyzer will be used.
EnableExperimental bool
Enable the experimental analyzers. If not set the analyzers marked as experimental below will not be loaded or used.
EnableRetired bool
Enable the retired analyzers. If not set the analyzers marked as retired below will not be loaded or used.
Exclude string
The path patterns to exclude from the scan - this option can be specified multiple times. This accepts Ant style path patterns (e.g. /exclude/).
FailOnCVSS string
If the score set between 0 and 10 the exit code from dependency-check will indicate if a vulnerability with a CVSS score equal to or higher was identified.
Format string
The output format to write to (XML, HTML, CSV, JSON, VULN, ALL). The default is HTML.
Help bool
Print the help message.
Log string
The file path to write verbose logging information.
Mono string
The path to Mono for .NET Assembly analysis on non-windows systems.
Nexus string
The url to the Nexus Server’s web service end point (example: http://domain.enterprise/nexus/service/local/). If not set the Nexus Analyzer will be disabled.
NexusUsesProxy string
Whether or not the defined proxy should be used when connecting to Nexus.
Noupdate bool
Disables the automatic updating of the CPE data.
Out string
The folder to write reports to. This defaults to the current directory. If the format is not set to ALL one could specify a specific file name.
Project string
The name of the project being scanned.
Propertyfile string
Specifies a file that contains properties to use instead of applicaion defaults.
ProxyPassword string
The proxy password to use when downloading resources.
ProxyPort string
The proxy port to use when downloading resources.
ProxyServer string
The proxy server to use when downloading resources; see the proxy configuration page for more information.
ProxyUser string
The proxy username to use when downloading resources.
Purge bool
Delete the local copy of the NVD. This is used to force a refresh of the data.
Scan string
The path to scan - this option can be specified multiple times. It is also possible to specify Ant style paths (e.g. directory/*/.jar).
Suppression string
The file paths to the suppression XML files; used to suppress false positives. This can be specified more than once to utilize multiple suppression files.
SymLink string
The depth that symbolic links will be followed; the default is 0 meaning symbolic links will not be followed.
Updateonly bool
If set only the update phase of dependency-check will be executed; no scan will be executed and no report will be generated.
Version bool
Print the runner version information.
ZipExtensions string
A comma-separated list of additional file extensions to be treated like a ZIP file, the contents will be extracted and analyzed.

Extension Methods

Name Value Summary
Dump<DependencyCheckSettings>() string
Get a basic string representation of specified object.
Requires the Cake.Incubator addin
IsIn<DependencyCheckSettings>(DependencyCheckSettings[]) bool
Checks if the source is contained in a list
Requires the Cake.Incubator addin
NotNull<DependencyCheckSettings>(string) void
Throws an exception if the specified parameter's value is null.
Requires the Cake.Ftp addin
NotNull<DependencyCheckSettings>(string) void
Throws an exception if the specified parameter's value is null.
Requires the Cake.Issues addin
ThrowIfNull<DependencyCheckSettings>(string, string) T
Throws a System.ArgumentNullException with a specific message if the value is null, otherwise returns the value
Requires the Cake.Incubator addin
ThrowIfNull<DependencyCheckSettings>(string) T
Throws a System.ArgumentNullException if the value is null, otherwise returns the value
Requires the Cake.Incubator addin
ToDictionary() IDictionary<string, object>
Requires the Cake.DeployParams addin