DependencyCheck icon indicating copy to clipboard operation
DependencyCheck copied to clipboard

Published 20 hours ago verified publisher icon jeremylong

Equivalent parameters for setting CVEs mirror links in DC versions above 9.x.x

Open RunFox opened this issue 1 year ago • 1 comments
trafficstars

Hello,

In DC versions up to 9.x.x, it was possible to specify mirror links for Gradle and Maven tasks when launching them using parameters in the form of links to the CVE database:

-Dcve.url.modified
-Dcve.url.base

From version 9.x.x onwards, this seems to be no longer possible, since the cve block is no longer present.

Attempts to use something like -Dnvd.datafeedUrl have been unsuccessful.

Configuring a mirror link for each project in the pom.xml or build.gradle file is extremely inconvenient. Is there a way to specify it when launching the command with -D?

RunFox avatar Feb 06 '24 16:02 RunFox

See https://github.com/jeremylong/DependencyCheck/blob/39631db5a88ed2153435abd2630d8e32518aebc1/utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java#L194

So -Dnvd.api.datafeed.url=https://some.site should work.

jeremylong avatar Feb 07 '24 00:02 jeremylong