Class Settings.KEYS

java.lang.Object
org.owasp.dependencycheck.utils.Settings.KEYS
Enclosing class:
Settings
public static final class Settings.KEYS extends Object
The collection of keys used within the properties file.
Version:
$Id: $Id
Author:
Jeremy Long

  • Field Details

    • APPLICATION_NAME

      public static final String APPLICATION_NAME
      The key to obtain the application name.
      See Also:

    • APPLICATION_VERSION

      public static final String APPLICATION_VERSION
      The key to obtain the application version.
      See Also:

    • ENGINE_VERSION_CHECK_URL

      public static final String ENGINE_VERSION_CHECK_URL
      The key to obtain the URL to retrieve the current release version from.
      See Also:

    • AUTO_UPDATE

      public static final String AUTO_UPDATE
      The properties key indicating whether or not the cached data sources should be updated.
      See Also:

    • DB_DRIVER_NAME

      public static final String DB_DRIVER_NAME
      The database driver class name. If this is not in the properties file the embedded database is used.
      See Also:

    • DB_DRIVER_PATH

      public static final String DB_DRIVER_PATH
      The database driver class name. If this is not in the properties file the embedded database is used.
      See Also:

    • DB_CONNECTION_STRING

      public static final String DB_CONNECTION_STRING
      The database connection string. If this is not in the properties file the embedded database is used.
      See Also:

    • DB_USER

      public static final String DB_USER
      The username to use when connecting to the database.
      See Also:

    • DB_PASSWORD

      public static final String DB_PASSWORD
      The password to authenticate to the database.
      See Also:

    • DATA_DIRECTORY

      public static final String DATA_DIRECTORY
      The base path to use for the data directory (for embedded db and other cached resources from the Internet).
      See Also:

    • H2_DATA_DIRECTORY

      public static final String H2_DATA_DIRECTORY
      The base path to use for the H2 data directory (for embedded db).
      See Also:

    • DB_FILE_NAME

      public static final String DB_FILE_NAME
      The database file name.
      See Also:

    • DB_VERSION

      public static final String DB_VERSION
      The database schema version.
      See Also:

    • CVE_CPE_STARTS_WITH_FILTER

      public static final String CVE_CPE_STARTS_WITH_FILTER
      The starts with filter used to exclude CVE entries from the database. By default this is set to 'cpe:2.3:a:' which limits the CVEs imported to just those that are related to applications. If this were set to just 'cpe:2.3:' the OS, hardware, and application related CVEs would be imported.
      See Also:

    • NVD_API_ENDPOINT

      public static final String NVD_API_ENDPOINT
      The NVD API Endpoint.
      See Also:

    • NVD_API_KEY

      public static final String NVD_API_KEY
      API Key for the NVD API.
      See Also:

    • NVD_API_DELAY

      public static final String NVD_API_DELAY
      The delay between requests for the NVD API.
      See Also:

    • NVD_API_REQUESTS_PER_30_SECONDS_WITHOUT_API_KEY

      public static final String NVD_API_REQUESTS_PER_30_SECONDS_WITHOUT_API_KEY
      The number of requests made to the NVD API per 30 seconds when no API KEY is provided.
      See Also:

    • NVD_API_REQUESTS_PER_30_SECONDS_WITH_API_KEY

      public static final String NVD_API_REQUESTS_PER_30_SECONDS_WITH_API_KEY
      The number of requests made to the NVD API per 30 seconds when an API KEY is provided.
      See Also:

    • NVD_API_MAX_RETRY_COUNT

      public static final String NVD_API_MAX_RETRY_COUNT
      The maximum number of retry requests for a single call to the NVD API.
      See Also:

    • NVD_API_VALID_FOR_HOURS

      public static final String NVD_API_VALID_FOR_HOURS
      The properties key to control the skipping of the check for NVD updates.
      See Also:

    • NVD_API_RESULTS_PER_PAGE

      public static final String NVD_API_RESULTS_PER_PAGE
      The properties key to control the results per page lower than NVD's default of 2000 See #6863 for the rationale on allowing lower configurations.
      See Also:

    • NVD_API_DATAFEED_VALID_FOR_DAYS

      public static final String NVD_API_DATAFEED_VALID_FOR_DAYS
      The properties key that indicates how often the NVD API data feed needs to be updated before a full refresh is evaluated.
      See Also:

    • NVD_API_DATAFEED_URL

      public static final String NVD_API_DATAFEED_URL
      The URL for the NVD API Data Feed.
      See Also:

    • NVD_API_DATAFEED_USER

      public static final String NVD_API_DATAFEED_USER
      The username to use when connecting to the NVD Data feed. For use when NVD API Data is hosted as datafeeds locally on a site requiring HTTP-Basic-authentication.
      See Also:

    • NVD_API_DATAFEED_PASSWORD

      public static final String NVD_API_DATAFEED_PASSWORD
      The password to authenticate to the NVD Data feed. For use when NVD API Data is hosted as datafeeds locally on a site requiring HTTP-Basic-authentication.
      See Also:

    • NVD_API_DATAFEED_BEARER_TOKEN

      public static final String NVD_API_DATAFEED_BEARER_TOKEN
      The token to authenticate to the NVD Data feed. For use when NVD API Data is hosted as datafeeds locally on a site requiring HTTP-Bearer-authentication.
      See Also:

    • NVD_API_DATAFEED_START_YEAR

      public static final String NVD_API_DATAFEED_START_YEAR
      The starting year for the NVD CVE Data feed cache.
      See Also:

    • ANALYZER_NVD_CVE_ENABLED

      public static final String ANALYZER_NVD_CVE_ENABLED
      The key to determine if the NVD CVE analyzer is enabled.
      See Also:

    • CPE_MODIFIED_VALID_FOR_DAYS

      @Deprecated(forRemoval=true, since="v2.0.0") public static final String CPE_MODIFIED_VALID_FOR_DAYS
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The properties key that indicates how often the CPE data needs to be updated.
      See Also:

    • CPE_URL

      @Deprecated(forRemoval=true, since="v2.0.0") public static final String CPE_URL
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The properties key for the URL to retrieve the CPE.
      See Also:

    • KEV_URL

      public static final String KEV_URL
      The properties key for the URL to retrieve the Known Exploited Vulnerabilities..
      See Also:

    • KEV_USER

      public static final String KEV_USER
      The properties key for the hosted suppressions username. For use when hosted suppressions are mirrored locally on a site requiring HTTP-Basic-authentication
      See Also:

    • KEV_PASSWORD

      public static final String KEV_PASSWORD
      The properties key for the hosted suppressions password. For use when hosted suppressions are mirrored locally on a site requiring HTTP-Basic-authentication
      See Also:

    • KEV_BEARER_TOKEN

      public static final String KEV_BEARER_TOKEN
      The properties key for the hosted suppressions bearertoken. For use when hosted suppressions are mirrored locally on a site requiring HTTP-Bearer-authentication
      See Also:

    • KEV_CHECK_VALID_FOR_HOURS

      public static final String KEV_CHECK_VALID_FOR_HOURS
      The properties key to control the skipping of the check for Known Exploited Vulnerabilities updates.
      See Also:

    • PROXY_DISABLE_SCHEMAS

      @Deprecated(forRemoval=true, since="v12.1.2") public static final String PROXY_DISABLE_SCHEMAS
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      Whether or not if using basic auth with a proxy the system setting 'jdk.http.auth.tunneling.disabledSchemes' should be set to an empty string.
      See Also:

    • PROXY_SERVER

      public static final String PROXY_SERVER
      The properties key for the proxy server.
      See Also:

    • PROXY_PORT

      public static final String PROXY_PORT
      The properties key for the proxy port - this must be an integer value.
      See Also:

    • PROXY_USERNAME

      public static final String PROXY_USERNAME
      The properties key for the proxy username.
      See Also:

    • PROXY_PASSWORD

      public static final String PROXY_PASSWORD
      The properties key for the proxy password.
      See Also:

    • PROXY_NON_PROXY_HOSTS

      public static final String PROXY_NON_PROXY_HOSTS
      The properties key for the non proxy hosts.
      See Also:

    • CONNECTION_TIMEOUT

      public static final String CONNECTION_TIMEOUT
      The properties key for the connection timeout.
      See Also:

    • CONNECTION_READ_TIMEOUT

      public static final String CONNECTION_READ_TIMEOUT
      The properties key for the connection read timeout.
      See Also:

    • TEMP_DIRECTORY

      public static final String TEMP_DIRECTORY
      The location of the temporary directory.
      See Also:

    • MAX_DOWNLOAD_THREAD_POOL_SIZE

      public static final String MAX_DOWNLOAD_THREAD_POOL_SIZE
      The maximum number of threads to allocate when downloading files.
      See Also:

    • ANALYSIS_TIMEOUT

      public static final String ANALYSIS_TIMEOUT
      The properties key for the analysis timeout.
      See Also:

    • SUPPRESSION_FILE

      public static final String SUPPRESSION_FILE
      The key for the suppression file.
      See Also:

    • SUPPRESSION_FILE_USER

      public static final String SUPPRESSION_FILE_USER
      The properties key for the username used when connecting to the suppressionFiles. For use when your suppressionFiles are hosted on a site requiring HTTP-Basic-authentication.
      See Also:

    • SUPPRESSION_FILE_PASSWORD

      public static final String SUPPRESSION_FILE_PASSWORD
      The properties key for the password used when connecting to the suppressionFiles. For use when your suppressionFiles are hosted on a site requiring HTTP-Basic-authentication.
      See Also:

    • SUPPRESSION_FILE_BEARER_TOKEN

      public static final String SUPPRESSION_FILE_BEARER_TOKEN
      The properties key for the token used when connecting to the suppressionFiles. For use when your suppressionFiles are hosted on a site requiring HTTP-Bearer-authentication.
      See Also:

    • HOSTED_SUPPRESSIONS_ENABLED

      public static final String HOSTED_SUPPRESSIONS_ENABLED
      The key for the whether the hosted suppressions file datasource is enabled.
      See Also:

    • HOSTED_SUPPRESSIONS_URL

      public static final String HOSTED_SUPPRESSIONS_URL
      The key for the hosted suppressions file URL.
      See Also:

    • HOSTED_SUPPRESSIONS_USER

      public static final String HOSTED_SUPPRESSIONS_USER
      The properties key for the hosted suppressions username. For use when hosted suppressions are mirrored locally on a site requiring HTTP-Basic-authentication
      See Also:

    • HOSTED_SUPPRESSIONS_PASSWORD

      public static final String HOSTED_SUPPRESSIONS_PASSWORD
      The properties key for the hosted suppressions password. For use when hosted suppressions are mirrored locally on a site requiring HTTP-Basic-authentication
      See Also:

    • HOSTED_SUPPRESSIONS_BEARER_TOKEN

      public static final String HOSTED_SUPPRESSIONS_BEARER_TOKEN
      The properties key for the hosted suppressions bearer token. For use when hosted suppressions are mirrored locally on a site requiring HTTP-Bearer-authentication
      See Also:

    • HOSTED_SUPPRESSIONS_FORCEUPDATE

      public static final String HOSTED_SUPPRESSIONS_FORCEUPDATE
      The properties key for defining whether the hosted suppressions file will be updated regardless of the autoupdate settings.
      See Also:

    • HOSTED_SUPPRESSIONS_VALID_FOR_HOURS

      public static final String HOSTED_SUPPRESSIONS_VALID_FOR_HOURS
      The properties key to control the skipping of the check for hosted suppressions file updates.
      See Also:

    • HINTS_FILE

      public static final String HINTS_FILE
      The key for the hint file.
      See Also:

    • JUNIT_FAIL_ON_CVSS

      public static final String JUNIT_FAIL_ON_CVSS
      The key for the property that controls what CVSS scores are considered failing test cases for the JUNIT repor.
      See Also:

    • ANALYZER_JAR_ENABLED

      public static final String ANALYZER_JAR_ENABLED
      The properties key for whether the Jar Analyzer is enabled.
      See Also:

    • ANALYZER_KNOWN_EXPLOITED_ENABLED

      public static final String ANALYZER_KNOWN_EXPLOITED_ENABLED
      The properties key for whether the Known Exploited Vulnerability Analyzer is enabled.
      See Also:

    • ANALYZER_EXPERIMENTAL_ENABLED

      public static final String ANALYZER_EXPERIMENTAL_ENABLED
      The properties key for whether experimental analyzers are loaded.
      See Also:

    • ANALYZER_RETIRED_ENABLED

      public static final String ANALYZER_RETIRED_ENABLED
      The properties key for whether experimental analyzers are loaded.
      See Also:

    • ANALYZER_ARCHIVE_ENABLED

      public static final String ANALYZER_ARCHIVE_ENABLED
      The properties key for whether the Archive analyzer is enabled.
      See Also:

    • ANALYZER_NODE_PACKAGE_ENABLED

      public static final String ANALYZER_NODE_PACKAGE_ENABLED
      The properties key for whether the node package analyzer is enabled.
      See Also:

    • ANALYZER_NODE_PACKAGE_SKIPDEV

      public static final String ANALYZER_NODE_PACKAGE_SKIPDEV
      The properties key for configure whether the Node Package analyzer should skip devDependencies.
      See Also:

    • ANALYZER_NODE_AUDIT_ENABLED

      public static final String ANALYZER_NODE_AUDIT_ENABLED
      The properties key for whether the Node Audit analyzer is enabled.
      See Also:

    • ANALYZER_YARN_AUDIT_ENABLED

      public static final String ANALYZER_YARN_AUDIT_ENABLED
      The properties key for whether the Yarn Audit analyzer is enabled.
      See Also:

    • ANALYZER_PNPM_AUDIT_ENABLED

      public static final String ANALYZER_PNPM_AUDIT_ENABLED
      The properties key for whether the Pnpm Audit analyzer is enabled.
      See Also:

    • ANALYZER_PNPM_AUDIT_REGISTRY

      public static final String ANALYZER_PNPM_AUDIT_REGISTRY
      The properties key for the Pnpm registry url.
      See Also:

    • ANALYZER_NODE_AUDIT_URL

      public static final String ANALYZER_NODE_AUDIT_URL
      The properties key for supplying the URL to the Node Audit API.
      See Also:

    • ANALYZER_NODE_AUDIT_SKIPDEV

      public static final String ANALYZER_NODE_AUDIT_SKIPDEV
      The properties key for configure whether the Node Audit analyzer should skip devDependencies.
      See Also:

    • ANALYZER_NODE_AUDIT_USE_CACHE

      public static final String ANALYZER_NODE_AUDIT_USE_CACHE
      The properties key for whether node audit analyzer results will be cached.
      See Also:

    • ANALYZER_RETIREJS_ENABLED

      public static final String ANALYZER_RETIREJS_ENABLED
      The properties key for whether the RetireJS analyzer is enabled.
      See Also:

    • ANALYZER_RETIREJS_FILTERS

      public static final String ANALYZER_RETIREJS_FILTERS
      The properties key for whether the RetireJS analyzer file content filters.
      See Also:

    • ANALYZER_RETIREJS_FILTER_NON_VULNERABLE

      public static final String ANALYZER_RETIREJS_FILTER_NON_VULNERABLE
      The properties key for whether the RetireJS analyzer should filter out non-vulnerable dependencies.
      See Also:

    • ANALYZER_RETIREJS_REPO_JS_URL

      public static final String ANALYZER_RETIREJS_REPO_JS_URL
      The properties key for defining the URL to the RetireJS repository.
      See Also:

    • ANALYZER_RETIREJS_REPO_JS_USER

      public static final String ANALYZER_RETIREJS_REPO_JS_USER
      The properties key for the RetireJS Repository username. For use when the RetireJS Repository is mirrored on a site requiring HTTP-Basic-authentication.
      See Also:

    • ANALYZER_RETIREJS_REPO_JS_PASSWORD

      public static final String ANALYZER_RETIREJS_REPO_JS_PASSWORD
      The properties key for the RetireJS Repository password. For use when the RetireJS Repository is mirrored on a site requiring HTTP-Basic-authentication.
      See Also:

    • ANALYZER_RETIREJS_REPO_JS_BEARER_TOKEN

      public static final String ANALYZER_RETIREJS_REPO_JS_BEARER_TOKEN
      The properties key for the token to download the RetireJS JSON data from an HTTP-Bearer-auth protected location. For use when the RetireJS Repository is mirrored on a site requiring HTTP-Bearer-authentication.
      See Also:

    • ANALYZER_RETIREJS_FORCEUPDATE

      public static final String ANALYZER_RETIREJS_FORCEUPDATE
      The properties key for defining whether the RetireJS repository will be updated regardless of the autoupdate settings.
      See Also:

    • ANALYZER_RETIREJS_REPO_VALID_FOR_HOURS

      public static final String ANALYZER_RETIREJS_REPO_VALID_FOR_HOURS
      The properties key to control the skipping of the check for CVE updates.
      See Also:

    • ANALYZER_COMPOSER_LOCK_ENABLED

      public static final String ANALYZER_COMPOSER_LOCK_ENABLED
      The properties key for whether the PHP composer lock file analyzer is enabled.
      See Also:

    • ANALYZER_COMPOSER_LOCK_SKIP_DEV

      public static final String ANALYZER_COMPOSER_LOCK_SKIP_DEV
      The properties key for whether the PHP composer lock file analyzer should skip dev packages.
      See Also:

    • ANALYZER_CPANFILE_ENABLED

      public static final String ANALYZER_CPANFILE_ENABLED
      The properties key for whether the Perl CPAN file file analyzer is enabled.
      See Also:

    • ANALYZER_PYTHON_DISTRIBUTION_ENABLED

      public static final String ANALYZER_PYTHON_DISTRIBUTION_ENABLED
      The properties key for whether the Python Distribution analyzer is enabled.
      See Also:

    • ANALYZER_PYTHON_PACKAGE_ENABLED

      public static final String ANALYZER_PYTHON_PACKAGE_ENABLED
      The properties key for whether the Python Package analyzer is enabled.
      See Also:

    • ANALYZER_MIX_AUDIT_ENABLED

      public static final String ANALYZER_MIX_AUDIT_ENABLED
      The properties key for whether the Elixir mix audit analyzer is enabled.
      See Also:

    • ANALYZER_MIX_AUDIT_PATH

      public static final String ANALYZER_MIX_AUDIT_PATH
      The path to mix_audit, if available.
      See Also:

    • ANALYZER_GOLANG_MOD_ENABLED

      public static final String ANALYZER_GOLANG_MOD_ENABLED
      The properties key for whether the Golang Mod analyzer is enabled.
      See Also:

    • ANALYZER_GOLANG_PATH

      public static final String ANALYZER_GOLANG_PATH
      The path to go, if available.
      See Also:

    • ANALYZER_YARN_PATH

      public static final String ANALYZER_YARN_PATH
      The path to go, if available.
      See Also:

    • ANALYZER_PNPM_PATH

      public static final String ANALYZER_PNPM_PATH
      The path to pnpm, if available.
      See Also:

    • ANALYZER_GOLANG_DEP_ENABLED

      public static final String ANALYZER_GOLANG_DEP_ENABLED
      The properties key for whether the Golang Dep analyzer is enabled.
      See Also:

    • ANALYZER_RUBY_GEMSPEC_ENABLED

      public static final String ANALYZER_RUBY_GEMSPEC_ENABLED
      The properties key for whether the Ruby Gemspec Analyzer is enabled.
      See Also:

    • ANALYZER_AUTOCONF_ENABLED

      public static final String ANALYZER_AUTOCONF_ENABLED
      The properties key for whether the Autoconf analyzer is enabled.
      See Also:

    • ANALYZER_MAVEN_INSTALL_ENABLED

      public static final String ANALYZER_MAVEN_INSTALL_ENABLED
      The properties key for whether the maven_install.json analyzer is enabled.
      See Also:

    • ANALYZER_PIP_ENABLED

      public static final String ANALYZER_PIP_ENABLED
      The properties key for whether the pip analyzer is enabled.
      See Also:

    • ANALYZER_PIPFILE_ENABLED

      public static final String ANALYZER_PIPFILE_ENABLED
      The properties key for whether the pipfile analyzer is enabled.
      See Also:

    • ANALYZER_POETRY_ENABLED

      public static final String ANALYZER_POETRY_ENABLED
      The properties key for whether the Poetry analyzer is enabled.
      See Also:

    • ANALYZER_CMAKE_ENABLED

      public static final String ANALYZER_CMAKE_ENABLED
      The properties key for whether the CMake analyzer is enabled.
      See Also:

    • ANALYZER_BUNDLE_AUDIT_ENABLED

      public static final String ANALYZER_BUNDLE_AUDIT_ENABLED
      The properties key for whether the Ruby Bundler Audit analyzer is enabled.
      See Also:

    • ANALYZER_ASSEMBLY_ENABLED

      public static final String ANALYZER_ASSEMBLY_ENABLED
      The properties key for whether the .NET Assembly analyzer is enabled.
      See Also:

    • ANALYZER_NUSPEC_ENABLED

      public static final String ANALYZER_NUSPEC_ENABLED
      The properties key for whether the .NET Nuspec analyzer is enabled.
      See Also:

    • ANALYZER_NUGETCONF_ENABLED

      public static final String ANALYZER_NUGETCONF_ENABLED
      The properties key for whether the .NET Nuget packages.config analyzer is enabled.
      See Also:

    • ANALYZER_LIBMAN_ENABLED

      public static final String ANALYZER_LIBMAN_ENABLED
      The properties key for whether the Libman analyzer is enabled.
      See Also:

    • ANALYZER_MSBUILD_PROJECT_ENABLED

      public static final String ANALYZER_MSBUILD_PROJECT_ENABLED
      The properties key for whether the .NET MSBuild Project analyzer is enabled.
      See Also:

    • ANALYZER_NEXUS_ENABLED

      public static final String ANALYZER_NEXUS_ENABLED
      The properties key for whether the Nexus analyzer is enabled.
      See Also:

    • ANALYZER_NEXUS_URL

      public static final String ANALYZER_NEXUS_URL
      The properties key for the Nexus search URL.
      See Also:

    • ANALYZER_NEXUS_USER

      public static final String ANALYZER_NEXUS_USER
      The properties key for the Nexus search credentials username.
      See Also:

    • ANALYZER_NEXUS_PASSWORD

      public static final String ANALYZER_NEXUS_PASSWORD
      The properties key for the Nexus search credentials password.
      See Also:

    • ANALYZER_NEXUS_USES_PROXY

      public static final String ANALYZER_NEXUS_USES_PROXY
      The properties key for using the proxy to reach Nexus.
      See Also:

    • ANALYZER_ARTIFACTORY_ENABLED

      public static final String ANALYZER_ARTIFACTORY_ENABLED
      The properties key for whether the Artifactory analyzer is enabled.
      See Also:

    • ANALYZER_ARTIFACTORY_URL

      public static final String ANALYZER_ARTIFACTORY_URL
      The properties key for the Artifactory search URL.
      See Also:

    • ANALYZER_ARTIFACTORY_API_USERNAME

      public static final String ANALYZER_ARTIFACTORY_API_USERNAME
      The properties key for the Artifactory username.
      See Also:

    • ANALYZER_ARTIFACTORY_API_TOKEN

      public static final String ANALYZER_ARTIFACTORY_API_TOKEN
      The properties key for the Artifactory API token.
      See Also:

    • ANALYZER_ARTIFACTORY_BEARER_TOKEN

      public static final String ANALYZER_ARTIFACTORY_BEARER_TOKEN
      The properties key for the Artifactory bearer token (https://www.jfrog.com/confluence/display/RTF/Access+Tokens). It can be generated using: 
      curl -u yourUserName -X POST \
   "https://artifactory.techno.ingenico.com/artifactory/api/security/token" \
   -d "username=yourUserName"
      .
      See Also:

    • ANALYZER_ARTIFACTORY_USES_PROXY

      public static final String ANALYZER_ARTIFACTORY_USES_PROXY
      The properties key for using the proxy to reach Artifactory.
      See Also:

    • ANALYZER_ARTIFACTORY_PARALLEL_ANALYSIS

      public static final String ANALYZER_ARTIFACTORY_PARALLEL_ANALYSIS
      The properties key for whether the Artifactory analyzer should use parallel processing.
      See Also:

    • ANALYZER_CENTRAL_ENABLED

      public static final String ANALYZER_CENTRAL_ENABLED
      The properties key for whether the Central analyzer is enabled.
      See Also:

    • MAVEN_LOCAL_REPO

      public static final String MAVEN_LOCAL_REPO
      Key for the path to the local Maven repository.
      See Also:

    • CENTRAL_CONTENT_URL

      public static final String CENTRAL_CONTENT_URL
      Key for the URL to obtain content from Maven Central.
      See Also:

    • CENTRAL_CONTENT_USER

      public static final String CENTRAL_CONTENT_USER
      Key for the Username to obtain content from Maven Central. For use when the central content URL is reconfigured to a site requiring HTTP-Basic-authentication.
      See Also:

    • CENTRAL_CONTENT_PASSWORD

      public static final String CENTRAL_CONTENT_PASSWORD
      Key for the Password to obtain content from Maven Central. For use when the central content URL is reconfigured to a site requiring HTTP-Basic-authentication.
      See Also:

    • CENTRAL_CONTENT_BEARER_TOKEN

      public static final String CENTRAL_CONTENT_BEARER_TOKEN
      Key for the token to obtain content from Maven Central from an HTTP-Bearer-auth protected location. For use when the central content URL is reconfigured to a site requiring HTTP-Bearer-authentication.
      See Also:

    • ANALYZER_CENTRAL_PARALLEL_ANALYSIS

      public static final String ANALYZER_CENTRAL_PARALLEL_ANALYSIS
      The properties key for whether the Central analyzer should use parallel processing.
      See Also:

    • ANALYZER_CENTRAL_RETRY_COUNT

      public static final String ANALYZER_CENTRAL_RETRY_COUNT
      The properties key for whether the Central analyzer should use parallel processing.
      See Also:

    • ANALYZER_OPENSSL_ENABLED

      public static final String ANALYZER_OPENSSL_ENABLED
      The properties key for whether the OpenSSL analyzer is enabled.
      See Also:

    • ANALYZER_COCOAPODS_ENABLED

      public static final String ANALYZER_COCOAPODS_ENABLED
      The properties key for whether the cocoapods analyzer is enabled.
      See Also:

    • ANALYZER_CARTHAGE_ENABLED

      public static final String ANALYZER_CARTHAGE_ENABLED
      The properties key for whether the carthage analyzer is enabled.
      See Also:

    • ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED

      public static final String ANALYZER_SWIFT_PACKAGE_MANAGER_ENABLED
      The properties key for whether the SWIFT package manager analyzer is enabled.
      See Also:

    • ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED

      public static final String ANALYZER_SWIFT_PACKAGE_RESOLVED_ENABLED
      The properties key for whether the SWIFT package resolved analyzer is enabled.
      See Also:

    • ANALYZER_CENTRAL_URL

      public static final String ANALYZER_CENTRAL_URL
      The properties key for the Central search URL.
      See Also:

    • ANALYZER_CENTRAL_USER

      public static final String ANALYZER_CENTRAL_USER
      The properties key for the Central search username. For use when Central search is reconfigured to a site requiring HTTP-Basic-authentication.
      See Also:

    • ANALYZER_CENTRAL_PASSWORD

      public static final String ANALYZER_CENTRAL_PASSWORD
      The properties key for the Central search password. For use when Central search is reconfigured to a site requiring HTTP-Basic-authentication.
      See Also:

    • ANALYZER_CENTRAL_BEARER_TOKEN

      public static final String ANALYZER_CENTRAL_BEARER_TOKEN
      The properties key for the token for a HTTP Bearer protected Central search URL. For use when Central search is reconfigured to a site requiring HTTP-Bearer-authentication.
      See Also:

    • ANALYZER_CENTRAL_QUERY

      public static final String ANALYZER_CENTRAL_QUERY
      The properties key for the Central search query.
      See Also:

    • ANALYZER_CENTRAL_USE_CACHE

      public static final String ANALYZER_CENTRAL_USE_CACHE
      The properties key for whether Central search results will be cached.
      See Also:

    • ANALYZER_ASSEMBLY_DOTNET_PATH

      public static final String ANALYZER_ASSEMBLY_DOTNET_PATH
      The path to dotnet core, if available.
      See Also:

    • ANALYZER_BUNDLE_AUDIT_PATH

      public static final String ANALYZER_BUNDLE_AUDIT_PATH
      The path to bundle-audit, if available.
      See Also:

    • ANALYZER_BUNDLE_AUDIT_WORKING_DIRECTORY

      public static final String ANALYZER_BUNDLE_AUDIT_WORKING_DIRECTORY
      The path to bundle-audit, if available.
      See Also:

    • ADDITIONAL_ZIP_EXTENSIONS

      public static final String ADDITIONAL_ZIP_EXTENSIONS
      The additional configured zip file extensions, if available.
      See Also:

    • VFEED_DATA_FILE

      @Deprecated(forRemoval=true, since="v1.0.0") public static final String VFEED_DATA_FILE
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to obtain the path to the VFEED data file.
      See Also:

    • VFEED_CONNECTION_STRING

      @Deprecated(forRemoval=true, since="v1.0.0") public static final String VFEED_CONNECTION_STRING
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to obtain the VFEED connection string.
      See Also:

    • VFEED_DOWNLOAD_URL

      @Deprecated(forRemoval=true, since="v1.0.0") public static final String VFEED_DOWNLOAD_URL
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to obtain the base download URL for the VFeed data file.
      See Also:

    • VFEED_DOWNLOAD_FILE

      @Deprecated(forRemoval=true, since="v1.0.0") public static final String VFEED_DOWNLOAD_FILE
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to obtain the download file name for the VFeed data.
      See Also:

    • VFEED_UPDATE_STATUS

      @Deprecated(forRemoval=true, since="v1.0.0") public static final String VFEED_UPDATE_STATUS
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to obtain the VFeed update status.
      See Also:

    • DOWNLOADER_QUICK_QUERY_TIMESTAMP

      @Deprecated(forRemoval=true, since="v11.0.0") public static final String DOWNLOADER_QUICK_QUERY_TIMESTAMP
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to the HTTP request method for query last modified date.
      See Also:

    • DOWNLOADER_TLS_PROTOCOL_LIST

      @Deprecated(forRemoval=true, since="v12.0.0") public static final String DOWNLOADER_TLS_PROTOCOL_LIST
      Deprecated, for removal: This API element is subject to removal in a future version.
      No longer used; will be removed in a future release.
      The key to HTTP protocol list to use.
      See Also:

    • ANALYZER_CPE_ENABLED

      public static final String ANALYZER_CPE_ENABLED
      The key to determine if the CPE analyzer is enabled.
      See Also:

    • ANALYZER_NPM_CPE_ENABLED

      public static final String ANALYZER_NPM_CPE_ENABLED
      The key to determine if the NPM CPE analyzer is enabled.
      See Also:

    • ANALYZER_CPE_SUPPRESSION_ENABLED

      public static final String ANALYZER_CPE_SUPPRESSION_ENABLED
      The key to determine if the CPE Suppression analyzer is enabled.
      See Also:

    • ANALYZER_DEPENDENCY_BUNDLING_ENABLED

      public static final String ANALYZER_DEPENDENCY_BUNDLING_ENABLED
      The key to determine if the Dependency Bundling analyzer is enabled.
      See Also:

    • ANALYZER_DEPENDENCY_MERGING_ENABLED

      public static final String ANALYZER_DEPENDENCY_MERGING_ENABLED
      The key to determine if the Dependency Merging analyzer is enabled.
      See Also:

    • ANALYZER_FALSE_POSITIVE_ENABLED

      public static final String ANALYZER_FALSE_POSITIVE_ENABLED
      The key to determine if the False Positive analyzer is enabled.
      See Also:

    • ANALYZER_FILE_NAME_ENABLED

      public static final String ANALYZER_FILE_NAME_ENABLED
      The key to determine if the File Name analyzer is enabled.
      See Also:

    • ANALYZER_PE_ENABLED

      public static final String ANALYZER_PE_ENABLED
      The key to determine if the File Version analyzer is enabled.
      See Also:

    • ANALYZER_HINT_ENABLED

      public static final String ANALYZER_HINT_ENABLED
      The key to determine if the Hint analyzer is enabled.
      See Also:

    • ANALYZER_VERSION_FILTER_ENABLED

      public static final String ANALYZER_VERSION_FILTER_ENABLED
      The key to determine if the Version Filter analyzer is enabled.
      See Also:

    • ANALYZER_VULNERABILITY_SUPPRESSION_ENABLED

      public static final String ANALYZER_VULNERABILITY_SUPPRESSION_ENABLED
      The key to determine if the Vulnerability Suppression analyzer is enabled.
      See Also:

    • UPDATE_NVDCVE_ENABLED

      public static final String UPDATE_NVDCVE_ENABLED
      The key to determine if the NVD CVE updater should be enabled.
      See Also:

    • UPDATE_VERSION_CHECK_ENABLED

      public static final String UPDATE_VERSION_CHECK_ENABLED
      The key to determine if dependency-check should check if there is a new version available.
      See Also:

    • ECOSYSTEM_SKIP_CPEANALYZER

      public static final String ECOSYSTEM_SKIP_CPEANALYZER
      The key to determine which ecosystems should skip the CPE analysis.
      See Also:

    • ENABLE_BATCH_UPDATES

      public static final String ENABLE_BATCH_UPDATES
      Adds capabilities to batch insert. Tested on PostgreSQL and H2.
      See Also:

    • MAX_BATCH_SIZE

      public static final String MAX_BATCH_SIZE
      Size of database batch inserts.
      See Also:

    • WRITELOCK_SHUTDOWN_HOOK

      public static final String WRITELOCK_SHUTDOWN_HOOK
      The key that specifies the class name of the Write Lock shutdown hook.
      See Also:

    • ANALYZER_OSSINDEX_ENABLED

      public static final String ANALYZER_OSSINDEX_ENABLED
      The properties key for whether the Sonatype OSS Index analyzer is enabled.
      See Also:

    • ANALYZER_OSSINDEX_USE_CACHE

      public static final String ANALYZER_OSSINDEX_USE_CACHE
      The properties key for whether the Sonatype OSS Index should use a local cache.
      See Also:

    • ANALYZER_OSSINDEX_CACHE_VALID_FOR_HOURS

      public static final String ANALYZER_OSSINDEX_CACHE_VALID_FOR_HOURS
      The properties key for how long results from the Sonatype OSS Index should be cached.
      See Also:

    • ANALYZER_OSSINDEX_URL

      public static final String ANALYZER_OSSINDEX_URL
      The properties key for the Sonatype OSS Index URL.
      See Also:

    • ANALYZER_OSSINDEX_USER

      public static final String ANALYZER_OSSINDEX_USER
      The properties key for the Sonatype OSS Index user.
      See Also:

    • ANALYZER_OSSINDEX_PASSWORD

      public static final String ANALYZER_OSSINDEX_PASSWORD
      The properties key for the Sonatype OSS Index password.
      See Also:

    • ANALYZER_OSSINDEX_BATCH_SIZE

      public static final String ANALYZER_OSSINDEX_BATCH_SIZE
      The properties key for the Sonatype OSS batch-size.
      See Also:

    • ANALYZER_OSSINDEX_REQUEST_DELAY

      public static final String ANALYZER_OSSINDEX_REQUEST_DELAY
      The properties key for the Sonatype OSS Request Delay. Amount of time in seconds to wait before executing a request against the Sonatype OSS Rest API
      See Also:

    • ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS

      public static final String ANALYZER_OSSINDEX_WARN_ONLY_ON_REMOTE_ERRORS
      The properties key for only warning about Sonatype OSS Index remote errors instead of failing the request.
      See Also:

    • ANALYZER_DART_ENABLED

      public static final String ANALYZER_DART_ENABLED
      The properties key for whether the Dart analyzer is enabled.
      See Also:

    • PRETTY_PRINT

      public static final String PRETTY_PRINT
      The properties key for whether to pretty print the XML/JSON reports.
      See Also:

    • MASKED_PROPERTIES

      public static final String MASKED_PROPERTIES
      The properties key setting which other keys should be considered sensitive and subsequently masked when logged.
      See Also:

    • MAX_QUERY_SIZE_DEFAULT

      public static final String MAX_QUERY_SIZE_DEFAULT
      The properties key for the default max query size for Lucene query results.
      See Also:

    • MAX_QUERY_SIZE_PREFIX

      public static final String MAX_QUERY_SIZE_PREFIX
      The properties key prefix for the default max query size for Lucene query results; append the ecosystem to obtain the default query size.
      See Also:

    • FAIL_ON_UNUSED_SUPPRESSION_RULE

      public static final String FAIL_ON_UNUSED_SUPPRESSION_RULE
      The properties key for whether the build should fail if there are unused suppression rules.
      See Also: