Class DependencyCheckScanAgent

java.lang.Object
org.owasp.dependencycheck.agent.DependencyCheckScanAgent

@NotThreadSafe public class DependencyCheckScanAgent extends Object
This class provides a way to conduct a scan based solely on existing evidence metadata rather than collecting evidence from the files themselves. It is based on the Ant task and Maven plugin, except that it takes a list of dependencies that can be added programmatically from data in a spreadsheet, database or some other datasource, and conducts the scan using this pre-defined evidence.

Example:

List<Dependency> dependencies = new ArrayList<Dependency>();
Dependency dependency = new Dependency(new File(FileUtils.getBitBucket()));
dependency.addEvidence(EvidenceType.PRODUCT, "my-datasource", "name", "Jetty", Confidence.HIGH);
dependency.addEvidence(EvidenceType.VERSION, "my-datasource", "version", "5.1.10", Confidence.HIGH);
dependency.addEvidence(EvidenceType.VENDOR, "my-datasource", "vendor", "mortbay", Confidence.HIGH);
dependencies.add(dependency);

DependencyCheckScanAgent scan = new DependencyCheckScanAgent();
scan.setDependencies(dependencies);
scan.setReportFormat(ReportGenerator.Format.ALL);
scan.setReportOutputDirectory(System.getProperty("user.home"));
scan.execute();

Author:
Steve Springett
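
The following is an added example, not part of the original documentation or the project's own code: it builds the dependency list from several inventory rows and runs the agent as a build gate, using only the setters documented on this page. The class name InventoryScan, the NVD_API_KEY environment variable, the 7.0 threshold and the inventory rows are assumptions made for illustration, as is the expectation that a finding at or above the threshold surfaces as a ScanAgentException from execute().

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;

import org.owasp.dependencycheck.agent.DependencyCheckScanAgent;
import org.owasp.dependencycheck.dependency.Confidence;
import org.owasp.dependencycheck.dependency.Dependency;
import org.owasp.dependencycheck.dependency.EvidenceType;
import org.owasp.dependencycheck.exception.ScanAgentException;
import org.owasp.dependencycheck.reporting.ReportGenerator;
import org.owasp.dependencycheck.utils.FileUtils;

public class InventoryScan {
    // Constructed sample rows (vendor, product, version) standing in for a
    // spreadsheet or database export; replace with the real datasource.
    private static final String[][] INVENTORY = {
        {"mortbay", "Jetty", "5.1.10"},
        {"apache", "commons-collections", "3.2.1"},
    };

    public static void main(String[] args) {
        List<Dependency> dependencies = new ArrayList<>();
        for (String[] row : INVENTORY) {
            // No file is analysed: the evidence added here is all the scan has to work with.
            Dependency d = new Dependency(new File(FileUtils.getBitBucket()));
            d.addEvidence(EvidenceType.VENDOR, "inventory", "vendor", row[0], Confidence.HIGH);
            d.addEvidence(EvidenceType.PRODUCT, "inventory", "name", row[1], Confidence.HIGH);
            d.addEvidence(EvidenceType.VERSION, "inventory", "version", row[2], Confidence.HIGH);
            dependencies.add(d);
        }

        DependencyCheckScanAgent scan = new DependencyCheckScanAgent();
        scan.setApplicationName("inventory-scan");
        scan.setDependencies(dependencies);
        // Assumed variable name; reading the key from the environment keeps it out of source control.
        scan.setNvdApiKey(System.getenv("NVD_API_KEY"));
        scan.setFailBuildOnCVSS(7.0); // assumed threshold for this example
        scan.setReportFormat(ReportGenerator.Format.ALL);
        scan.setReportOutputDirectory(System.getProperty("user.home"));
        try {
            scan.execute();
        } catch (ScanAgentException ex) {
            // Assumption: threshold violations and scan errors both arrive here.
            System.err.println("dependency-check gate failed: " + ex.getMessage());
            System.exit(1);
        }
    }
}
```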
  • Constructor Details

    • DependencyCheckScanAgent

      public DependencyCheckScanAgent()
  • Method Details

    • getApplicationName

      public String getApplicationName()
      Get the value of applicationName.
      Returns:
      the value of applicationName
    • setApplicationName

      public void setApplicationName(String applicationName)
      Set the value of applicationName.
      Parameters:
      applicationName - new value of applicationName
    • getNvdApiKey

      public String getNvdApiKey()
      Get the value of nvdApiKey.
      Returns:
      the value of nvdApiKey
    • setNvdApiKey

      public void setNvdApiKey(String nvdApiKey)
      Set the value of nvdApiKey.
      Parameters:
      nvdApiKey - new value of nvdApiKey
    • getDependencies

      public List<Dependency> getDependencies()
      Returns a list of pre-determined dependencies.
      Returns:
      returns a list of dependencies
    • setDependencies

      public void setDependencies(List<Dependency> dependencies)
      Sets the list of dependencies to scan.
      Parameters:
      dependencies - new value of dependencies
    • getDataDirectory

      public String getDataDirectory()
      Get the value of dataDirectory.
      Returns:
      the value of dataDirectory
    • setDataDirectory

      public void setDataDirectory(String dataDirectory)
      Set the value of dataDirectory.
      Parameters:
      dataDirectory - new value of dataDirectory
    • getReportOutputDirectory

      public String getReportOutputDirectory()
      Get the value of reportOutputDirectory.
      Returns:
      the value of reportOutputDirectory
    • setReportOutputDirectory

      public void setReportOutputDirectory(String reportOutputDirectory)
      Set the value of reportOutputDirectory.
      Parameters:
      reportOutputDirectory - new value of reportOutputDirectory
    • getFailBuildOnCVSS

      public Double getFailBuildOnCVSS()
      Get the value of failBuildOnCVSS.
      Returns:
      the value of failBuildOnCVSS
    • setFailBuildOnCVSS

      public void setFailBuildOnCVSS(Double failBuildOnCVSS)
      Set the value of failBuildOnCVSS.
      Parameters:
      failBuildOnCVSS - new value of failBuildOnCVSS
    • isAutoUpdate

      public boolean isAutoUpdate()
      Get the value of autoUpdate.
      Returns:
      the value of autoUpdate
    • setAutoUpdate

      public void setAutoUpdate(boolean autoUpdate)
      Set the value of autoUpdate.
      Parameters:
      autoUpdate - new value of autoUpdate
    • isUpdateOnly

      public boolean isUpdateOnly()
      Get the value of updateOnly.
      Returns:
      the value of updateOnly
    • setUpdateOnly

      public void setUpdateOnly(boolean updateOnly)
      Set the value of updateOnly.
      Parameters:
      updateOnly - new value of updateOnly
    • isGenerateReport

      public boolean isGenerateReport()
      Get the value of generateReport.
      Returns:
      the value of generateReport
    • setGenerateReport

      public void setGenerateReport(boolean generateReport)
      Set the value of generateReport.
      Parameters:
      generateReport - new value of generateReport
    • getReportFormat

      public ReportGenerator.Format getReportFormat()
      Get the value of reportFormat.
      Returns:
      the value of reportFormat
    • setReportFormat

      public void setReportFormat(ReportGenerator.Format reportFormat)
      Set the value of reportFormat.
      Parameters:
      reportFormat - new value of reportFormat
    • getProxyServer

      public String getProxyServer()
      Get the value of proxyServer.
      Returns:
      the value of proxyServer
    • setProxyServer

      public void setProxyServer(String proxyServer)
      Set the value of proxyServer.
      Parameters:
      proxyServer - new value of proxyServer
    • getProxyUrl

      @Deprecated public String getProxyUrl()
      Deprecated.
      use getProxyServer() instead
      Get the value of proxyServer.
      Returns:
      the value of proxyServer
    • setProxyUrl

      @Deprecated public void setProxyUrl(String proxyUrl)
      Deprecated.
      Set the value of proxyServer.
      Parameters:
      proxyUrl - new value of proxyServer
    • getProxyPort

      public String getProxyPort()
      Get the value of proxyPort.
      Returns:
      the value of proxyPort
    • setProxyPort

      public void setProxyPort(String proxyPort)
      Set the value of proxyPort.
      Parameters:
      proxyPort - new value of proxyPort
    • getProxyUsername

      public String getProxyUsername()
      Get the value of proxyUsername.
      Returns:
      the value of proxyUsername
    • setProxyUsername

      public void setProxyUsername(String proxyUsername)
      Set the value of proxyUsername.
      Parameters:
      proxyUsername - new value of proxyUsername
    • getProxyPassword

      public String getProxyPassword()
      Get the value of proxyPassword.
      Returns:
      the value of proxyPassword
    • setProxyPassword

      public void setProxyPassword(String proxyPassword)
      Set the value of proxyPassword.
      Parameters:
      proxyPassword - new value of proxyPassword
    • getConnectionTimeout

      public String getConnectionTimeout()
      Get the value of connectionTimeout.
      Returns:
      the value of connectionTimeout
    • setConnectionTimeout

      public void setConnectionTimeout(String connectionTimeout)
      Set the value of connectionTimeout.
      Parameters:
      connectionTimeout - new value of connectionTimeout
    • getReadTimeout

      public String getReadTimeout()
      Get the value of readTimeout.
      Returns:
      the value of readTimeout
    • setReadTimeout

      public void setReadTimeout(String readTimeout)
      Set the value of readTimeout.
      Parameters:
      readTimeout - new value of readTimeout
    • getLogFile

      public String getLogFile()
      Get the value of logFile.
      Returns:
      the value of logFile
    • setLogFile

      public void setLogFile(String logFile)
      Set the value of logFile.
      Parameters:
      logFile - new value of logFile
    • getSuppressionFile

      public String getSuppressionFile()
      Get the value of suppressionFile.
      Returns:
      the value of suppressionFile
    • setSuppressionFile

      public void setSuppressionFile(String suppressionFile)
      Set the value of suppressionFile.
      Parameters:
      suppressionFile - new value of suppressionFile
    • isShowSummary

      public boolean isShowSummary()
      Get the value of showSummary.
      Returns:
      the value of showSummary
    • setShowSummary

      public void setShowSummary(boolean showSummary)
      Set the value of showSummary.
      Parameters:
      showSummary - new value of showSummary
    • setCpeStartsWithFilter

      public void setCpeStartsWithFilter(String cpeStartsWithFilter)
      Sets the starting string that identifies CPEs that are qualified to be imported.
      Parameters:
      cpeStartsWithFilter - filters CPEs based on this starting string (e.g. cpe:/a: )
    • getCpeStartsWithFilter

      public String getCpeStartsWithFilter()
      Returns the starting string that identifies CPEs that are qualified to be imported.
      Returns:
      the CPE starting filter (e.g. cpe:/a: )
    • isFailOnUnusedSuppressionRule

      public boolean isFailOnUnusedSuppressionRule()
      Get the value of failOnUnusedSuppressionRule.
      Returns:
      the value of failOnUnusedSuppressionRule
    • setFailOnUnusedSuppressionRule

      public void setFailOnUnusedSuppressionRule(boolean failOnUnusedSuppressionRule)
      Set the value of failOnUnusedSuppressionRule.
      Parameters:
      failOnUnusedSuppressionRule - new value of failOnUnusedSuppressionRule
    • isCentralAnalyzerEnabled

      public boolean isCentralAnalyzerEnabled()
      Get the value of centralAnalyzerEnabled.
      Returns:
      the value of centralAnalyzerEnabled
    • setCentralAnalyzerEnabled

      public void setCentralAnalyzerEnabled(boolean centralAnalyzerEnabled)
      Set the value of centralAnalyzerEnabled.
      Parameters:
      centralAnalyzerEnabled - new value of centralAnalyzerEnabled
    • getCentralUrl

      public String getCentralUrl()
      Get the value of centralUrl.
      Returns:
      the value of centralUrl
    • setCentralUrl

      public void setCentralUrl(String centralUrl)
      Set the value of centralUrl.
      Parameters:
      centralUrl - new value of centralUrl
    • isNexusAnalyzerEnabled

      public boolean isNexusAnalyzerEnabled()
      Get the value of nexusAnalyzerEnabled.
      Returns:
      the value of nexusAnalyzerEnabled
    • setNexusAnalyzerEnabled

      public void setNexusAnalyzerEnabled(boolean nexusAnalyzerEnabled)
      Set the value of nexusAnalyzerEnabled.
      Parameters:
      nexusAnalyzerEnabled - new value of nexusAnalyzerEnabled
    • getNexusUrl

      public String getNexusUrl()
      Get the value of nexusUrl.
      Returns:
      the value of nexusUrl
    • setNexusUrl

      public void setNexusUrl(String nexusUrl)
      Set the value of nexusUrl.
      Parameters:
      nexusUrl - new value of nexusUrl
    • isNexusUsesProxy

      public boolean isNexusUsesProxy()
      Get the value of nexusUsesProxy.
      Returns:
      the value of nexusUsesProxy
    • setNexusUsesProxy

      public void setNexusUsesProxy(boolean nexusUsesProxy)
      Set the value of nexusUsesProxy.
      Parameters:
      nexusUsesProxy - new value of nexusUsesProxy
    • getDatabaseDriverName

      public String getDatabaseDriverName()
      Get the value of databaseDriverName.
      Returns:
      the value of databaseDriverName
    • setDatabaseDriverName

      public void setDatabaseDriverName(String databaseDriverName)
      Set the value of databaseDriverName.
      Parameters:
      databaseDriverName - new value of databaseDriverName
    • getDatabaseDriverPath

      public String getDatabaseDriverPath()
      Get the value of databaseDriverPath.
      Returns:
      the value of databaseDriverPath
    • setDatabaseDriverPath

      public void setDatabaseDriverPath(String databaseDriverPath)
      Set the value of databaseDriverPath.
      Parameters:
      databaseDriverPath - new value of databaseDriverPath
    • getConnectionString

      public String getConnectionString()
      Get the value of connectionString.
      Returns:
      the value of connectionString
    • setConnectionString

      public void setConnectionString(String connectionString)
      Set the value of connectionString.
      Parameters:
      connectionString - new value of connectionString
    • getDatabaseUser

      public String getDatabaseUser()
      Get the value of databaseUser.
      Returns:
      the value of databaseUser
    • setDatabaseUser

      public void setDatabaseUser(String databaseUser)
      Set the value of databaseUser.
      Parameters:
      databaseUser - new value of databaseUser
    • getDatabasePassword

      public String getDatabasePassword()
      Get the value of databasePassword.
      Returns:
      the value of databasePassword
    • setDatabasePassword

      public void setDatabasePassword(String databasePassword)
      Set the value of databasePassword.
      Parameters:
      databasePassword - new value of databasePassword
    • getZipExtensions

      public String getZipExtensions()
      Get the value of zipExtensions.
      Returns:
      the value of zipExtensions
    • setZipExtensions

      public void setZipExtensions(String zipExtensions)
      Set the value of zipExtensions.
      Parameters:
      zipExtensions - new value of zipExtensions
    • getPathToDotnetCore

      public String getPathToDotnetCore()
      Get the value of pathToCore.
      Returns:
      the value of pathToCore
    • setPathToDotnetCore

      public void setPathToDotnetCore(String pathToCore)
      Set the value of pathToCore.
      Parameters:
      pathToCore - new value of pathToCore
    • getPropertiesFilePath

      public String getPropertiesFilePath()
      Get the value of propertiesFilePath.
      Returns:
      the value of propertiesFilePath
    • setPropertiesFilePath

      public void setPropertiesFilePath(String propertiesFilePath)
      Set the value of propertiesFilePath.
      Parameters:
      propertiesFilePath - new value of propertiesFilePath
    • execute

      public Engine execute() throws ScanAgentException
      Executes the dependency-check and generates the report.
      Returns:
      a reference to the engine used to perform the scan.
      Throws:
      ScanAgentException - thrown if there is an exception executing the scan.
    • showSummary

      public static void showSummary(Dependency[] dependencies)
      Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
      Parameters:
      dependencies - a list of dependency objects
    • showSummary

      public static void showSummary(String projectName, Dependency[] dependencies)
      Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
      Parameters:
      projectName - the name of the project
      dependencies - a list of dependency objects