Package org.owasp.dependencycheck.agent

Class DependencyCheckScanAgent

  • @NotThreadSafe
public class DependencyCheckScanAgent
extends java.lang.Object
    This class provides a way to easily conduct a scan solely based on existing evidence metadata rather than collecting evidence from the files themselves. This class is based on the Ant task and Maven plugin with the exception that it takes a list of dependencies that can be programmatically added from data in a spreadsheet, database or some other datasource and conduct a scan based on this pre-defined evidence.

    Example:

     List<Dependency> dependencies = new ArrayList<Dependency>();
 Dependency dependency = new Dependency(new File(FileUtils.getBitBucket()));
 dependency.addEvidence(EvidenceType.PRODUCT, "my-datasource", "name", "Jetty", Confidence.HIGH);
 dependency.addEvidence(EvidenceType.VERSION, "my-datasource", "version", "5.1.10", Confidence.HIGH);
 dependency.addEvidence(EvidenceType.VENDOR, "my-datasource", "vendor", "mortbay", Confidence.HIGH);
 dependencies.add(dependency);

 DependencyCheckScanAgent scan = new DependencyCheckScanAgent();
 scan.setDependencies(dependencies);
 scan.setReportFormat(ReportGenerator.Format.ALL);
 scan.setReportOutputDirectory(System.getProperty("user.home"));
 scan.execute();
    Author:
    Steve Springett

    • Constructor Detail

      • DependencyCheckScanAgent

        public DependencyCheckScanAgent()

    • Method Detail

      • getApplicationName

        public java.lang.String getApplicationName()
        Get the value of applicationName.
        Returns:
        the value of applicationName

      • setApplicationName

        public void setApplicationName​(java.lang.String applicationName)
        Set the value of applicationName.
        Parameters:
        applicationName - new value of applicationName

      • getNvdApiKey

        public java.lang.String getNvdApiKey()
        Get the value of nvdApiKey.
        Returns:
        the value of nvdApiKey

      • setNvdApiKey

        public void setNvdApiKey​(java.lang.String nvdApiKey)
        Set the value of nvdApiKey.
        Parameters:
        nvdApiKey - new value of nvdApiKey

      • getDependencies

        public java.util.List<Dependency> getDependencies()
        Returns a list of pre-determined dependencies.
        Returns:
        returns a list of dependencies

      • setDependencies

        public void setDependencies​(java.util.List<Dependency> dependencies)
        Sets the list of dependencies to scan.
        Parameters:
        dependencies - new value of dependencies

      • getDataDirectory

        public java.lang.String getDataDirectory()
        Get the value of dataDirectory.
        Returns:
        the value of dataDirectory

      • setDataDirectory

        public void setDataDirectory​(java.lang.String dataDirectory)
        Set the value of dataDirectory.
        Parameters:
        dataDirectory - new value of dataDirectory

      • getReportOutputDirectory

        public java.lang.String getReportOutputDirectory()
        Get the value of reportOutputDirectory.
        Returns:
        the value of reportOutputDirectory

      • setReportOutputDirectory

        public void setReportOutputDirectory​(java.lang.String reportOutputDirectory)
        Set the value of reportOutputDirectory.
        Parameters:
        reportOutputDirectory - new value of reportOutputDirectory

      • getFailBuildOnCVSS

        public java.lang.Double getFailBuildOnCVSS()
        Get the value of failBuildOnCVSS.
        Returns:
        the value of failBuildOnCVSS

      • setFailBuildOnCVSS

        public void setFailBuildOnCVSS​(java.lang.Double failBuildOnCVSS)
        Set the value of failBuildOnCVSS.
        Parameters:
        failBuildOnCVSS - new value of failBuildOnCVSS

      • isAutoUpdate

        public boolean isAutoUpdate()
        Get the value of autoUpdate.
        Returns:
        the value of autoUpdate

      • setAutoUpdate

        public void setAutoUpdate​(boolean autoUpdate)
        Set the value of autoUpdate.
        Parameters:
        autoUpdate - new value of autoUpdate

      • isUpdateOnly

        public boolean isUpdateOnly()
        Get the value of updateOnly.
        Returns:
        the value of updateOnly

      • setUpdateOnly

        public void setUpdateOnly​(boolean updateOnly)
        Set the value of updateOnly.
        Parameters:
        updateOnly - new value of updateOnly

      • isGenerateReport

        public boolean isGenerateReport()
        Get the value of generateReport.
        Returns:
        the value of generateReport

      • setGenerateReport

        public void setGenerateReport​(boolean generateReport)
        Set the value of generateReport.
        Parameters:
        generateReport - new value of generateReport

      • getReportFormat

        public ReportGenerator.Format getReportFormat()
        Get the value of reportFormat.
        Returns:
        the value of reportFormat

      • setReportFormat

        public void setReportFormat​(ReportGenerator.Format reportFormat)
        Set the value of reportFormat.
        Parameters:
        reportFormat - new value of reportFormat

      • getProxyServer

        public java.lang.String getProxyServer()
        Get the value of proxyServer.
        Returns:
        the value of proxyServer

      • setProxyServer

        public void setProxyServer​(java.lang.String proxyServer)
        Set the value of proxyServer.
        Parameters:
        proxyServer - new value of proxyServer

      • getProxyUrl

        @Deprecated
public java.lang.String getProxyUrl()
        Deprecated.
        use getProxyServer() instead
        Get the value of proxyServer.
        Returns:
        the value of proxyServer

      • setProxyUrl

        @Deprecated
public void setProxyUrl​(java.lang.String proxyUrl)
        Deprecated.
        use setProxyServer(java.lang.String) instead
        Set the value of proxyServer.
        Parameters:
        proxyUrl - new value of proxyServer

      • getProxyPort

        public java.lang.String getProxyPort()
        Get the value of proxyPort.
        Returns:
        the value of proxyPort

      • setProxyPort

        public void setProxyPort​(java.lang.String proxyPort)
        Set the value of proxyPort.
        Parameters:
        proxyPort - new value of proxyPort

      • getProxyUsername

        public java.lang.String getProxyUsername()
        Get the value of proxyUsername.
        Returns:
        the value of proxyUsername

      • setProxyUsername

        public void setProxyUsername​(java.lang.String proxyUsername)
        Set the value of proxyUsername.
        Parameters:
        proxyUsername - new value of proxyUsername

      • getProxyPassword

        public java.lang.String getProxyPassword()
        Get the value of proxyPassword.
        Returns:
        the value of proxyPassword

      • setProxyPassword

        public void setProxyPassword​(java.lang.String proxyPassword)
        Set the value of proxyPassword.
        Parameters:
        proxyPassword - new value of proxyPassword

      • getConnectionTimeout

        public java.lang.String getConnectionTimeout()
        Get the value of connectionTimeout.
        Returns:
        the value of connectionTimeout

      • setConnectionTimeout

        public void setConnectionTimeout​(java.lang.String connectionTimeout)
        Set the value of connectionTimeout.
        Parameters:
        connectionTimeout - new value of connectionTimeout

      • getReadTimeout

        public java.lang.String getReadTimeout()
        Get the value of readTimeout.
        Returns:
        the value of readTimeout

      • setReadTimeout

        public void setReadTimeout​(java.lang.String readTimeout)
        Set the value of readTimeout.
        Parameters:
        readTimeout - new value of readTimeout

      • getLogFile

        public java.lang.String getLogFile()
        Get the value of logFile.
        Returns:
        the value of logFile

      • setLogFile

        public void setLogFile​(java.lang.String logFile)
        Set the value of logFile.
        Parameters:
        logFile - new value of logFile

      • getSuppressionFile

        public java.lang.String getSuppressionFile()
        Get the value of suppressionFile.
        Returns:
        the value of suppressionFile

      • setSuppressionFile

        public void setSuppressionFile​(java.lang.String suppressionFile)
        Set the value of suppressionFile.
        Parameters:
        suppressionFile - new value of suppressionFile

      • isShowSummary

        public boolean isShowSummary()
        Get the value of showSummary.
        Returns:
        the value of showSummary

      • setShowSummary

        public void setShowSummary​(boolean showSummary)
        Set the value of showSummary.
        Parameters:
        showSummary - new value of showSummary

      • setCpeStartsWithFilter

        public void setCpeStartsWithFilter​(java.lang.String cpeStartsWithFilter)
        Sets starting string that identifies CPEs that are qualified to be imported.
        Parameters:
        cpeStartsWithFilter - filters CPEs based on this starting string (i.e. cpe:/a: )

      • getCpeStartsWithFilter

        public java.lang.String getCpeStartsWithFilter()
        Returns the starting string that identifies CPEs that are qualified to be imported.
        Returns:
        the CPE starting filter (i.e. cpe:/a: )

      • isFailOnUnusedSuppressionRule

        public boolean isFailOnUnusedSuppressionRule()
        Get the value of failOnUnusedSuppressionRule.
        Returns:
        the value of failOnUnusedSuppressionRule

      • setFailOnUnusedSuppressionRule

        public void setFailOnUnusedSuppressionRule​(boolean failOnUnusedSuppressionRule)
        Set the value of failOnUnusedSuppressionRule.
        Parameters:
        failOnUnusedSuppressionRule - new value of failOnUnusedSuppressionRule

      • isCentralAnalyzerEnabled

        public boolean isCentralAnalyzerEnabled()
        Get the value of centralAnalyzerEnabled.
        Returns:
        the value of centralAnalyzerEnabled

      • setCentralAnalyzerEnabled

        public void setCentralAnalyzerEnabled​(boolean centralAnalyzerEnabled)
        Set the value of centralAnalyzerEnabled.
        Parameters:
        centralAnalyzerEnabled - new value of centralAnalyzerEnabled

      • getCentralUrl

        public java.lang.String getCentralUrl()
        Get the value of centralUrl.
        Returns:
        the value of centralUrl

      • setCentralUrl

        public void setCentralUrl​(java.lang.String centralUrl)
        Set the value of centralUrl.
        Parameters:
        centralUrl - new value of centralUrl

      • isNexusAnalyzerEnabled

        public boolean isNexusAnalyzerEnabled()
        Get the value of nexusAnalyzerEnabled.
        Returns:
        the value of nexusAnalyzerEnabled

      • setNexusAnalyzerEnabled

        public void setNexusAnalyzerEnabled​(boolean nexusAnalyzerEnabled)
        Set the value of nexusAnalyzerEnabled.
        Parameters:
        nexusAnalyzerEnabled - new value of nexusAnalyzerEnabled

      • getNexusUrl

        public java.lang.String getNexusUrl()
        Get the value of nexusUrl.
        Returns:
        the value of nexusUrl

      • setNexusUrl

        public void setNexusUrl​(java.lang.String nexusUrl)
        Set the value of nexusUrl.
        Parameters:
        nexusUrl - new value of nexusUrl

      • isNexusUsesProxy

        public boolean isNexusUsesProxy()
        Get the value of nexusUsesProxy.
        Returns:
        the value of nexusUsesProxy

      • setNexusUsesProxy

        public void setNexusUsesProxy​(boolean nexusUsesProxy)
        Set the value of nexusUsesProxy.
        Parameters:
        nexusUsesProxy - new value of nexusUsesProxy

      • getDatabaseDriverName

        public java.lang.String getDatabaseDriverName()
        Get the value of databaseDriverName.
        Returns:
        the value of databaseDriverName

      • setDatabaseDriverName

        public void setDatabaseDriverName​(java.lang.String databaseDriverName)
        Set the value of databaseDriverName.
        Parameters:
        databaseDriverName - new value of databaseDriverName

      • getDatabaseDriverPath

        public java.lang.String getDatabaseDriverPath()
        Get the value of databaseDriverPath.
        Returns:
        the value of databaseDriverPath

      • setDatabaseDriverPath

        public void setDatabaseDriverPath​(java.lang.String databaseDriverPath)
        Set the value of databaseDriverPath.
        Parameters:
        databaseDriverPath - new value of databaseDriverPath

      • getConnectionString

        public java.lang.String getConnectionString()
        Get the value of connectionString.
        Returns:
        the value of connectionString

      • setConnectionString

        public void setConnectionString​(java.lang.String connectionString)
        Set the value of connectionString.
        Parameters:
        connectionString - new value of connectionString

      • getDatabaseUser

        public java.lang.String getDatabaseUser()
        Get the value of databaseUser.
        Returns:
        the value of databaseUser

      • setDatabaseUser

        public void setDatabaseUser​(java.lang.String databaseUser)
        Set the value of databaseUser.
        Parameters:
        databaseUser - new value of databaseUser

      • getDatabasePassword

        public java.lang.String getDatabasePassword()
        Get the value of databasePassword.
        Returns:
        the value of databasePassword

      • setDatabasePassword

        public void setDatabasePassword​(java.lang.String databasePassword)
        Set the value of databasePassword.
        Parameters:
        databasePassword - new value of databasePassword

      • getZipExtensions

        public java.lang.String getZipExtensions()
        Get the value of zipExtensions.
        Returns:
        the value of zipExtensions

      • setZipExtensions

        public void setZipExtensions​(java.lang.String zipExtensions)
        Set the value of zipExtensions.
        Parameters:
        zipExtensions - new value of zipExtensions

      • getPathToDotnetCore

        public java.lang.String getPathToDotnetCore()
        Get the value of pathToCore.
        Returns:
        the value of pathToCore

      • setPathToDotnetCore

        public void setPathToDotnetCore​(java.lang.String pathToCore)
        Set the value of pathToCore.
        Parameters:
        pathToCore - new value of pathToCore

      • getPropertiesFilePath

        public java.lang.String getPropertiesFilePath()
        Get the value of propertiesFilePath.
        Returns:
        the value of propertiesFilePath

      • setPropertiesFilePath

        public void setPropertiesFilePath​(java.lang.String propertiesFilePath)
        Set the value of propertiesFilePath.
        Parameters:
        propertiesFilePath - new value of propertiesFilePath

      • execute

        public Engine execute()
               throws ScanAgentException
        Executes the dependency-check and generates the report.
        Returns:
        a reference to the engine used to perform the scan.
        Throws:
        ScanAgentException - thrown if there is an exception executing the scan.

      • showSummary

        public static void showSummary​(Dependency[] dependencies)
        Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
        Parameters:
        dependencies - a list of dependency objects

      • showSummary

        public static void showSummary​(java.lang.String projectName,
                               Dependency[] dependencies)
        Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
        Parameters:
        projectName - the name of the project
        dependencies - a list of dependency objects