New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reporting maven configuration #144
Comments
i also try the configuration of the Example 3 with the same result |
What version of Maven are you using? --Jeremy On Thu, Aug 7, 2014 at 10:21 AM, Aurélien Leboulanger <
|
But what version of mavens are you using? 2.x or 3.x? Jeremy
|
maven 3.2.2 |
Two things to try:
Regards, Jeremy On Thu, Aug 7, 2014 at 11:40 AM, Aurélien Leboulanger <
|
logFile of my parent maven module : https://gist.github.com/herau/52d95848b2db2d1f512e. .db files are in the right directory : 1420185 Aug 11 01:23 /tmp/maven-repository/org/owasp/dependency-check-data/cve.2.9.trace.db |
The dependency-check-maven plugin does not currently perform aggregation on --Jeremy On Mon, Aug 11, 2014 at 5:45 AM, Aurélien Leboulanger <
|
OK but it doesn't explain The blank page on The generated maven site right ? |
While developing the report aggregation feature I did run into the blank page problem. This was fixed as part of the report aggregation patch. Additionally, the documentation will be updated to show the use of the reporting section. |
👍 Thanks, i will try it. |
there are no reference about this kind of configuration in the current documentation page . |
The functionality is in the current snapshot build (i.e. not available in Best Regards, Jeremy Long On Mon, Sep 15, 2014 at 7:54 AM, Aurélien Leboulanger <
|
Hello, <reporting>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<logFile>${project.build.directory}/dependency-check.log</logFile>
<skipProvidedScope>true</skipProvidedScope>
<skipRuntimeScope>true</skipRuntimeScope>
<!--<externalReport>false</externalReport>-->
<aggregate>true</aggregate>
</configuration>
<reportSets>
<reportSet>
<reports>
<report>check</report>
</reports>
</reportSet>
</reportSets>
</plugin>
</plugins>
</reporting> But i sill have an empty page after the maven site generation (just have the generation date :-)) my log file : Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings logProperties
FINE: Properties loaded:
analyzer.nexus.enabled='true'
autoupdate='true'
analyzer.assembly.enabled='true'
analyzer.nexus.proxy='true'
cve.url-1.2.base='http://nvd.nist.gov/download/nvdcve-%d.xml'
cve.url-1.2.modified='http://nvd.nist.gov/download/nvdcve-modified.xml'
data.driver_name='org.h2.Driver'
data.file_name='cve.%s.h2.db'
application.name='Dependency-Check Core'
data.directory='[JAR]/data'
max.download.threads='3'
cve.url-2.0.base='http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml'
analyzer.nuspec.enabled='true'
cve.url-2.0.modified='http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml'
cve.startyear='2002'
cve.url.modified.validfordays='7'
analyzer.jar.enabled='true'
data.version='2.9'
data.user='dcuser'
analyzer.nexus.url='https://repository.sonatype.org/service/local/'
application.version='1.2.4'
analyzer.archive.enabled='true'
data.driver_path=''
data.connection_string='jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;'
data.password='*****'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings logProperties
FINE: Properties updated via merge:
analyzer.nexus.enabled='true'
autoupdate='true'
analyzer.assembly.enabled='true'
analyzer.nexus.proxy='true'
cve.url-1.2.base='http://nvd.nist.gov/download/nvdcve-%d.xml'
cve.url-1.2.modified='http://nvd.nist.gov/download/nvdcve-modified.xml'
data.driver_name='org.h2.Driver'
data.file_name='cve.%s.h2.db'
application.name='Dependency-Check Core'
data.directory='[JAR]/../../dependency-check-data'
max.download.threads='3'
cve.url-2.0.base='http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%d.xml'
analyzer.nuspec.enabled='true'
cve.url-2.0.modified='http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml'
cve.startyear='2002'
cve.url.modified.validfordays='7'
analyzer.jar.enabled='true'
data.version='2.9'
data.user='dcuser'
analyzer.nexus.url='https://repository.sonatype.org/service/local/'
application.version='1.2.4'
analyzer.archive.enabled='true'
data.driver_path=''
data.connection_string='jdbc:h2:file:%s;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;'
data.password='*****'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: autoupdate='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: analyzer.jar.enabled='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: analyzer.nuspec.enabled='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: analyzer.nexus.enabled='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: analyzer.nexus.proxy='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: analyzer.archive.enabled='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: analyzer.assembly.enabled='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: skip.test.scope='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: skip.runtime.scope='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings setBoolean
FINE: Setting: skip.provided.scope='true'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.data.nvdcve.ConnectionFactory initialize
FINE: Loading driver: org.h2.Driver
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - file: '[JAR]/../../dependency-check-data'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - transforming filename
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - jar file: '/tmp/maven-repository/org/owasp/dependency-check-utils/1.2.4'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - returning: '/tmp/maven-repository/org/owasp/dependency-check-utils/1.2.4/../../dependency-check-data'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getConnectionString
FINE: Connection String: 'jdbc:h2:file:/tmp/maven-repository/org/owasp/dependency-check-data/cve.2.9;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - file: '[JAR]/../../dependency-check-data'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - transforming filename
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - jar file: '/tmp/maven-repository/org/owasp/dependency-check-utils/1.2.4'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.utils.Settings getDataFile
FINE: Settings.getDataFile() - returning: '/tmp/maven-repository/org/owasp/dependency-check-utils/1.2.4/../../dependency-check-data'
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.data.nvdcve.ConnectionFactory initialize
FINE: Need to create DB Structure: false
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.data.nvdcve.ConnectionFactory initialize
FINE: Loading database connection
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.data.nvdcve.ConnectionFactory initialize
FINE: Connection String: jdbc:h2:file:/tmp/maven-repository/org/owasp/dependency-check-data/cve.2.9;FILE_LOCK=SERIALIZED;AUTOCOMMIT=ON;
Sep 30, 2014 1:23:23 AM org.owasp.dependencycheck.data.nvdcve.ConnectionFactory initialize
FINE: Database User: dcuser
Sep 30, 2014 1:23:27 AM org.owasp.dependencycheck.data.update.task.DownloadTask call
INFO: Download Started for NVD CVE - Modified
Sep 30, 2014 1:23:34 AM org.owasp.dependencycheck.data.update.task.DownloadTask call
INFO: Download Complete for NVD CVE - Modified
Sep 30, 2014 1:23:34 AM org.owasp.dependencycheck.data.update.task.ProcessTask processFiles
INFO: Processing Started for NVD CVE - Modified
Sep 30, 2014 1:23:44 AM org.owasp.dependencycheck.data.update.task.ProcessTask processFiles
INFO: Processing Complete for NVD CVE - Modified
Sep 30, 2014 1:23:44 AM org.owasp.dependencycheck.data.update.StandardUpdate update
INFO: Begin database maintenance.
Sep 30, 2014 1:24:06 AM org.owasp.dependencycheck.data.update.StandardUpdate update
INFO: End database maintenance.
Sep 30, 2014 1:24:08 AM org.owasp.dependencycheck.data.nvdcve.CveDB finalize
FINE: Entering finalize
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE:
----------------------------------------------------
BEGIN ANALYSIS
----------------------------------------------------
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
INFO: Analysis Starting
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Archive Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Archive Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing File Name Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'File Name Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Jar Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Jar Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Nexus Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Nexus Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Nuspec Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Nuspec Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Assembly Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Assembly Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Hint Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Hint Analyzer'
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing CPE Analyzer
Sep 30, 2014 1:24:20 AM org.owasp.dependencycheck.analyzer.CPEAnalyzer open
FINE: Opening the CVE Database
Sep 30, 2014 1:24:21 AM org.owasp.dependencycheck.analyzer.CPEAnalyzer open
FINE: Creating the Lucene CPE Index
Sep 30, 2014 1:24:21 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'CPE Analyzer'
Sep 30, 2014 1:24:21 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing False Positive Analyzer
Sep 30, 2014 1:24:21 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'False Positive Analyzer'
Sep 30, 2014 1:24:21 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Cpe Suppression Analyzer
Sep 30, 2014 1:24:22 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Cpe Suppression Analyzer'
Sep 30, 2014 1:24:22 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Dependency Bundling Analyzer
Sep 30, 2014 1:24:22 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Dependency Bundling Analyzer'
Sep 30, 2014 1:24:22 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing NVD CVE Analyzer
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'NVD CVE Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine initializeAnalyzer
FINE: Initializing Vulnerability Suppression Analyzer
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE: Begin Analyzer 'Vulnerability Suppression Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Archive Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'File Name Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Jar Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Nexus Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Nuspec Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Assembly Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Hint Analyzer'
Sep 30, 2014 1:24:23 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'CPE Analyzer'
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'False Positive Analyzer'
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Cpe Suppression Analyzer'
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Dependency Bundling Analyzer'
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'NVD CVE Analyzer'
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine closeAnalyzer
FINE: Closing Analyzer 'Vulnerability Suppression Analyzer'
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine analyzeDependencies
FINE:
----------------------------------------------------
END ANALYSIS
----------------------------------------------------
Sep 30, 2014 1:24:24 AM org.owasp.dependencycheck.Engine analyzeDependencies
INFO: Analysis Complete
Sep 30, 2014 1:25:22 AM org.owasp.dependencycheck.data.nvdcve.CveDB finalize
FINE: Entering finalize
Sep 30, 2014 1:25:22 AM org.owasp.dependencycheck.data.nvdcve.CveDB finalize
FINE: Entering finalize
Sep 30, 2014 1:25:22 AM org.owasp.dependencycheck.data.nvdcve.CveDB finalize
FINE: Entering finalize |
Hello, Sorry that this issue/thread fell off my radar - I should have re-opened the issue when you posted the problem above. Version 1.2.8 will be released within the next few days. The maven plugin has been completely reworked and one of the problems identified was an incorrect annotation on the mojo: requiresDependencyResolution = ResolutionScope.COMPILE_PLUS_RUNTIME, I'll re-open this issue for now. When 1.2.8 is released please let me know if you are still experiencing an issue. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Is it possible to configure the dependencyCheck plugin in the reporting section of maven ?
i tried this solution but i have a blank page instead of the report.
The text was updated successfully, but these errors were encountered: