fix: Make Central URL configurable via CLI #5667

Merged: 2 commits, Apr 19, 2023
2 changes: 2 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/App.java
Expand Up @@ -591,6 +591,8 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
cli.hasOption(CliParser.ARGUMENT.DISABLE_NODE_AUDIT_SKIPDEV));
settings.setBooleanIfNotNull(Settings.KEYS.ANALYZER_NEXUS_ENABLED,
cli.hasOption(CliParser.ARGUMENT.ENABLE_NEXUS));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_URL,
cli.getStringArgument(CliParser.ARGUMENT.CENTRAL_URL));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_URL,
cli.getStringArgument(CliParser.ARGUMENT.OSSINDEX_URL));
settings.setStringIfNotEmpty(Settings.KEYS.ANALYZER_OSSINDEX_USER,
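Review bot: The value of --centralUrl is passed straight into setStringIfNotEmpty(Settings.KEYS.ANALYZER_CENTRAL_URL, ...) with no check in this hunk that it is a well-formed URL or that it uses https. The arguments.md text in this same change warns that losing Central results can lead to false negatives, so consider validating syntax and scheme here and failing fast with InvalidSettingException, which populateSettings already declares, rather than letting a typo or a plain-http endpoint surface later as a lookup error.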
6 changes: 6 additions & 0 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
Expand Up @@ -389,6 +389,8 @@ private void addAdvancedOptions(final Options options) {
.addOption(newOptionWithArg(ARGUMENT.PATH_TO_BUNDLE_AUDIT_WORKING_DIRECTORY, "path",
"The path to working directory that the bundle-audit command should be executed from when "
+ "doing Gem bundle analysis."))
.addOption(newOptionWithArg(ARGUMENT.CENTRAL_URL, "url",
"Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used."))
.addOption(newOptionWithArg(ARGUMENT.OSSINDEX_URL, "url",
"Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used."))
.addOption(newOptionWithArg(ARGUMENT.OSSINDEX_USERNAME, "username",
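Review bot: The help text for ARGUMENT.CENTRAL_URL does not say which form of URL is expected. The default documented in arguments.md in this same change is the full query endpoint (https://search.maven.org/solrsearch/select), not a host or base URL, so say that in the description to keep users from passing a repository root.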
Expand Down Expand Up @@ -1310,6 +1312,10 @@ public static class ARGUMENT {
* Disables the Central Analyzer's ability to cache results locally.
*/
public static final String DISABLE_CENTRAL_CACHE = "disableCentralCache";
/**
* The alternative URL for Maven Central Search.
*/
public static final String CENTRAL_URL = "centralUrl";
/**
* Disables the Nexus Analyzer.
*/
1 change: 1 addition & 0 deletions cli/src/site/markdown/arguments.md
Expand Up @@ -81,6 +81,7 @@ Advanced Options
| | \-\-ossIndexUrl | \<url\> | Alternative URL for the OSS Index. If not set the public Sonatype OSS Index will be used. | https://ossindex.sonatype.org |
| | \-\-disableCentral | | Sets whether the Central Analyzer will be used. **Disabling this analyzer is not recommended as it could lead to false negatives (e.g. libraries that have vulnerabilities may not be reported correctly).** If this analyzer is being disabled there is a good chance you also want to disable the Artifactory or Nexus Analyzer. | &nbsp; |
| | \-\-disableCentralCache | | When the argument is present the Central Analyzer will not cache results locally. By default results are cached locally for 30 days. | &nbsp; |
| | \-\-centralUrl | | Alternative URL for Maven Central Search. If not set the public Sonatype Maven Central will be used. | https://search.maven.org/solrsearch/select |
| | \-\-enableNexus | | Sets whether the Nexus Analyzer will be used (requires Nexus v2 or Pro v3). You can configure the Nexus URL to utilize an internally hosted Nexus server. | &nbsp; |
| | \-\-enableArtifactory | | Sets whether Artifactory analyzer will be used | &nbsp; |
| | \-\-artifactoryUrl | \<url\> | The Artifactory server URL. | &nbsp; |
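Review bot: The new \-\-centralUrl row leaves the parameter column empty, while the \-\-ossIndexUrl and \-\-artifactoryUrl rows in the same table show \<url\>. Fill it in so the documentation shows that the option takes an argument.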
Expand Up @@ -214,7 +214,8 @@ public List<MavenArtifact> searchSha1(String sha1) throws IOException, TooManyRe
}
} catch (ParserConfigurationException | IOException | SAXException | XPathExpressionException e) {
// Anything else is jacked up XML stuff that we really can't recover from well
throw new IOException(e.getMessage(), e);
final String errorMessage = "Failed to parse MavenCentral XML Response: " + e.getMessage();
throw new IOException(errorMessage, e);
}

if (missing) {
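Review bot: The multi-catch in searchSha1 includes IOException alongside the parser exceptions, so with the new prefix any I/O failure raised inside this try block is also reported as "Failed to parse MavenCentral XML Response". Either catch IOException separately and rethrow it unchanged, or word the message neutrally. Now that the endpoint is configurable, including the URL that was queried in the message would also make a misconfigured --centralUrl much easier to diagnose.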