DependencyCheck icon indicating copy to clipboard operation
DependencyCheck copied to clipboard

Published 20 hours ago verified publisher icon jeremylong

What are all hostnames that CLI tool reaches out to on the internet?

Open alan-czajkowski opened this issue 1 year ago • 5 comments
trafficstars

I have internet completely blocked at my organization, but I am able to whitelist certain hostnames.

What are all hostnames that CLI tool reaches out to on the internet?

alan-czajkowski avatar Apr 17 '24 14:04 alan-czajkowski

@jeremylong is this information documented somewhere?

alan-czajkowski avatar Apr 18 '24 19:04 alan-czajkowski

I don't think it is "documented" anywhere but the source code. Luckily - just look for URLs in https://github.com/jeremylong/DependencyCheck/blob/main/core/src/main/resources/dependencycheck.properties

There aren't that many.

jeremylong avatar Apr 18 '24 21:04 jeremylong

The actual nvd.api.datafeed.url is not currently in that file.

OrangeDog avatar Apr 19 '24 15:04 OrangeDog

The nvd.api.datafeed.url isn't used unless you specifically set it.

jeremylong avatar Apr 19 '24 21:04 jeremylong

But the tool still talks to the API at the default location, which isn't listed in that file.

OrangeDog avatar May 14 '24 10:05 OrangeDog