docs: Update list of supported report formats (#6224)
TobiX authored Dec 5, 2023
1 parent 48c6d99 commit 9eb5457
Showing 11 changed files with 38 additions and 35 deletions.
Expand Up @@ -237,13 +237,13 @@ public class Check extends Update {
*/
private Boolean autoUpdate;
/**
* The report format to be generated (HTML, XML, JUNIT, CSV, JSON, SARIF,
* JENKINS, ALL). Default is HTML.
* The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
* JENKINS, GITLAB, ALL). Default is HTML.
*/
private String reportFormat = "HTML";
/**
* The report format to be generated (HTML, XML, JUNIT, CSV, JSON, SARIF,
* JENKINS, ALL). Default is HTML.
* The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
* JENKINS, GITLAB, ALL). Default is HTML.
*/
private final List<String> reportFormats = new ArrayList<>();
/**
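Review bot: the Javadoc on `reportFormats` (second comment block in this hunk) is a word-for-word copy of the one on `reportFormat`, including "Default is HTML", although the field is a `List<String>` initialised to an empty `ArrayList`. Suggest describing it as the list of formats to generate, saying how it relates to `reportFormat`, and dropping the default claim unless an empty list really falls back to HTML.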
8 changes: 4 additions & 4 deletions ant/src/site/markdown/configuration.md
Expand Up @@ -38,13 +38,13 @@ failBuildOnCVSS | Specifies if the build should be failed if a CVSS score
junitFailOnCVSS | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. | 0
prettyPrint | Whether the XML and JSON formatted reports should be pretty printed. | false
projectName | The name of the project being scanned. | Dependency-Check
reportFormat | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, ALL). | HTML
reportFormat | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). | HTML
reportOutputDirectory | The location to write the report(s). Note, this is not used if generating the report as part of a `mvn site` build | 'target'
hintsFile | The file path to the XML hints file \- used to resolve [false negatives](../general/hints.html) | &nbsp;
proxyServer | The Proxy Server; see the [proxy configuration](../data/proxy.html) page for more information. | &nbsp;
proxyPort | The Proxy Port. | &nbsp;
proxyUsername | Defines the proxy user name. | &nbsp;
proxyPassword | Defines the proxy password. | &nbsp;
proxyPassword | Defines the proxy password. | &nbsp;
nonProxyHosts | Defines the hosts that will not be proxied. | &nbsp;
connectionTimeout | The URL Connection Timeout. | &nbsp;
enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false
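Review bot: the `proxyPassword` row is removed and re-added with no visible text change, so this looks like a whitespace-only edit riding along with the format list update. Either drop it from this commit or mention the whitespace cleanup in the commit message so the diff is easier to audit.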
Expand All @@ -57,7 +57,7 @@ The following nested elements can be set on the dependency-check task.
Element | Property | Description | Default Value
------------------|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------
suppressionFile | path | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). Element can be specified multiple times. The parameter value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/jeremylong/DependencyCheck/issues/1878#issuecomment-487533799) | &nbsp;| &nbsp;
reportFormat | format | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, ALL). Element can be specified multiple times. | &nbsp;
reportFormat | format | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). Element can be specified multiple times. | &nbsp;


Analyzer Configuration
Expand Down Expand Up @@ -159,4 +159,4 @@ databasePassword | The password used when connecting to the database.
hostedSuppressionsEnabled | Whether the hosted suppression file will be used. | true
hostedSuppressionsUrl | The URL to a mirrored copy of the hosted suppressions file for internet-constrained environments | https://jeremylong.github.io/DependencyCheck/suppressions/publishedSuppressions.xml
hostedSuppressionsValidForHours | Sets the number of hours to wait before checking for new updates of the hosted suppressions file | 2
hostedSuppressionsForceUpdate | Sets whether the hosted suppressions file should update regardless of the `autoupdate` and validForHours settings | false
hostedSuppressionsForceUpdate | Sets whether the hosted suppressions file should update regardless of the `autoupdate` and validForHours settings | false
4 changes: 2 additions & 2 deletions cli/src/main/java/org/owasp/dependencycheck/CliParser.java
Expand Up @@ -64,7 +64,7 @@ public final class CliParser {
/**
* The supported reported formats.
*/
private static final String SUPPORTED_FORMATS = "HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, or ALL";
private static final String SUPPORTED_FORMATS = "HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB or ALL";

/**
* Constructs a new CLI Parser object with the configured settings.
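Review bot: `SUPPORTED_FORMATS` remains a hand-maintained string, which is the kind of duplication that let the list fall out of date; consider building it from the constants of `ReportGenerator.Format` so the CLI help text cannot drift from the enum again. The new value also drops the comma the old one had before `or` (`JENKINS, or ALL` became `GITLAB or ALL`), and the Javadoc just above still reads "supported reported formats".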
Expand Down Expand Up @@ -114,7 +114,7 @@ private CommandLine parseArgs(String[] args) throws ParseException {
*/
private void validateArgs() throws FileNotFoundException, ParseException {
if (isUpdateOnly() || isRunScan()) {

String value = line.getOptionValue(ARGUMENT.NVD_API_VALID_FOR_HOURS);
if (value != null) {
try {
2 changes: 1 addition & 1 deletion cli/src/site/markdown/arguments.md
Expand Up @@ -10,7 +10,7 @@ The following table lists the command line arguments:
| | \-\-exclude | \<pattern\> | The path patterns to exclude from the scan \- this option can be specified multiple times. This accepts Ant style path patterns (e.g. **/exclude/**). | Optional |
| | \-\-symLink | \<depth\> | The depth that symbolic links will be followed; the default is 0 meaning symbolic links will not be followed. | Optional |
| \-o | \-\-out | \<path\> | The folder to write reports to. This defaults to the current directory. If the format is not set to ALL one could specify a specific file name. | Optional |
| \-f | \-\-format | \<format\> | The output format to write to (XML, HTML, CSV, JSON, JUNIT, SARIF, ALL). Multiple formats can be specified by specifying the parameter multiple times. The default is HTML. | Required |
| \-f | \-\-format | \<format\> | The output format to write to (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). Multiple formats can be specified by specifying the parameter multiple times. The default is HTML. | Required |
| | \-\-junitFailOnCVSS | \<score\> | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. The default is 0. | Optional |
| | \-\-prettyPrint | | When specified the JSON and XML report formats will be pretty printed. | Optional |
| | \-\-failOnCVSS | \<score\> | If the score set between 0 and 10 the exit code from dependency-check will indicate if a vulnerability with a CVSS score equal to or higher was identified. | Optional |
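Review bot: the `--format` row still ends in `Required` while its description says "The default is HTML."; the two statements contradict each other, so while touching this row please make the last column agree with the described default (or remove the default sentence if the option really must be supplied).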
8 changes: 4 additions & 4 deletions core/src/main/java/org/owasp/dependencycheck/Engine.java
Expand Up @@ -1187,7 +1187,7 @@ private void throwFatalExceptionCollection(String message, @NotNull final Throwa
* @param applicationName the name of the application/project
* @param outputDir the path to the output directory (can include the full
* file name if the format is not ALL)
* @param format the report format (ALL, HTML, CSV, JSON, etc.)
* @param format the report format (see {@link ReportGenerator.Format})
* @throws ReportException thrown if there is an error generating the report
* @deprecated use
* {@link #writeReports(java.lang.String, java.io.File, java.lang.String, org.owasp.dependencycheck.exception.ExceptionCollection)}
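Review bot: on the `@param format` line, the parameter of these `writeReports` overloads is a `String`, but the new text only points at the enum with `see {@link ReportGenerator.Format}`. Suggest wording it as "the name of a {@link ReportGenerator.Format} constant" so callers know what string to pass; the same applies to the three other `@param format` lines changed in this file.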
Expand All @@ -1204,7 +1204,7 @@ public void writeReports(String applicationName, File outputDir, String format)
* @param applicationName the name of the application/project
* @param outputDir the path to the output directory (can include the full
* file name if the format is not ALL)
* @param format the report format (ALL, HTML, CSV, JSON, etc.)
* @param format the report format (see {@link ReportGenerator.Format})
* @param exceptions a collection of exceptions that may have occurred
* during the analysis
* @throws ReportException thrown if there is an error generating the report
Expand All @@ -1223,7 +1223,7 @@ public void writeReports(String applicationName, File outputDir, String format,
* @param version the Maven version
* @param outputDir the path to the output directory (can include the full
* file name if the format is not ALL)
* @param format the report format (ALL, HTML, CSV, JSON, etc.)
* @param format the report format (see {@link ReportGenerator.Format})
* @throws ReportException thrown if there is an error generating the report
* @deprecated use
* {@link #writeReports(String, String, String, String, File, String, ExceptionCollection)}
Expand All @@ -1245,7 +1245,7 @@ public synchronized void writeReports(String applicationName, @Nullable final St
* @param version the Maven version
* @param outputDir the path to the output directory (can include the full
* file name if the format is not ALL)
* @param format the report format (ALL, HTML, CSV, JSON, etc.)
* @param format the report format (see {@link ReportGenerator.Format})
* @param exceptions a collection of exceptions that may have occurred
* during the analysis
* @throws ReportException thrown if there is an error generating the report
Expand Up @@ -122,9 +122,10 @@ public class DependencyCheckScanAgent {
*/
private boolean generateReport = true;
/**
* The report format to be generated (HTML, XML, CSV, JSON, JUNIT, ALL).
* This configuration option has no affect if using this within the Site
* plugin unless the externalReport is set to true. Default is HTML.
* The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
* JENKINS, GITLAB, ALL). This configuration option has no affect if using
* this within the Site plugin unless the externalReport is set to true.
* Default is HTML.
*/
private ReportGenerator.Format reportFormat = ReportGenerator.Format.HTML;
/**
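Review bot: the re-wrapped sentence keeps the typo "has no affect"; since these lines are being rewritten anyway, change it to "has no effect". The same phrase appears in the `format` and `formats` rows of maven/src/site/markdown/configuration.md touched by this commit.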
Expand Up @@ -309,9 +309,9 @@ private VelocityEngine createVelocityEngine() {
* Writes the dependency-check report to the given output location.
*
* @param outputLocation the path where the reports should be written
* @param format the format the report should be written in (XML, HTML,
* JSON, CSV, ALL) or even the path to a custom velocity template (either
* fully qualified or the template name on the class path).
* @param format the format the report should be written in (a valid member
* of {@link Format}) or even the path to a custom velocity template
* (either fully qualified or the template name on the class path).
* @throws ReportException is thrown if there is an error creating out the
* reports
*/
Expand All @@ -331,6 +331,7 @@ public void write(String outputLocation, String format) throws ReportException {
out = new File(out, FilenameUtils.getBaseName(format));
LOGGER.warn("Writing non-standard VSL output to a directory using template name as file name.");
}
LOGGER.info("Writing custom report to: {}", out.getAbsolutePath());
processTemplate(format, out);
}

Expand All @@ -340,7 +341,8 @@ public void write(String outputLocation, String format) throws ReportException {
* Writes the dependency-check report(s).
*
* @param outputLocation the path where the reports should be written
* @param format the format the report should be written in (XML, HTML, ALL)
* @param format the format the report should be written in (see
* {@link Format})
* @throws ReportException is thrown if there is an error creating out the
* reports
*/
Expand All @@ -354,6 +356,7 @@ public void write(String outputLocation, Format format) throws ReportException {
} else {
final File out = getReportFile(outputLocation, format);
final String templateName = format.toString().toLowerCase() + "Report";
LOGGER.info("Writing {} report to: {}", format, out.getAbsolutePath());
processTemplate(templateName, out);
if (settings.getBoolean(Settings.KEYS.PRETTY_PRINT, false)) {
if (format == Format.JSON || format == Format.SARIF) {
Expand Down Expand Up @@ -422,7 +425,6 @@ public static File getReportFile(String outputLocation, Format format) {
@SuppressFBWarnings(justification = "try with resources will clean up the output stream", value = {"OBL_UNSATISFIED_OBLIGATION"})
protected void processTemplate(String template, File file) throws ReportException {
ensureParentDirectoryExists(file);
LOGGER.info("Writing report to: " + file.getAbsolutePath());
try (OutputStream output = new FileOutputStream(file)) {
processTemplate(template, output);
} catch (IOException ex) {
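Review bot: removing `LOGGER.info("Writing report to: " + ...)` from `processTemplate(String, File)` means the output path is now logged only by the two `write(...)` call sites changed above. `processTemplate` is `protected`, so a subclass or any other caller that reaches it directly will write a file without logging where it went, and the `Format` overload adds its log line only in the `else` branch. Please confirm every path that ends in `processTemplate(template, file)` still logs the destination, or keep a debug-level message here.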
Expand Up @@ -293,9 +293,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(property = "dependency-check.virtualSnapshotsFromReactor", defaultValue = "true")
private Boolean virtualSnapshotsFromReactor;
/**
* The report format to be generated (HTML, XML, JUNIT, CSV, JSON, SARIF,
* JENKINS, ALL). Multiple formats can be selected using a comma delineated
* list.
* The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
* JENKINS, GITLAB, ALL). Multiple formats can be selected using a comma
* delineated list.
*/
@SuppressWarnings("CanBeFinal")
@Parameter(property = "format", defaultValue = "HTML", required = true)
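Review bot: the re-wrapped Javadoc keeps "comma delineated list"; the intended term is "comma delimited" (or "comma-separated"). Worth fixing here since the lines are already being rewritten.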
Expand All @@ -308,9 +308,9 @@ public abstract class BaseDependencyCheckMojo extends AbstractMojo implements Ma
@Parameter(property = "prettyPrint")
private Boolean prettyPrint;
/**
* The report format to be generated (HTML, XML, JUNIT, CSV, JSON, SARIF,
* JENKINS, ALL). Multiple formats can be selected using a comma delineated
* list.
* The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF,
* JENKINS, GITLAB, ALL). Multiple formats can be selected using a comma
* delineated list.
*/
@Parameter(property = "formats", required = true)
private String[] formats;
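Review bot: the Javadoc on `formats` is an exact copy of the one on `format` and does not say how the two parameters interact. maven/src/site/markdown/configuration.md in this same commit states that `formats` overrides `format`; suggest saying that here too, and describing this one as a list of formats instead of "The report format".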
4 changes: 2 additions & 2 deletions maven/src/site/markdown/configuration.md
Expand Up @@ -15,8 +15,8 @@ The following properties can be set on the dependency-check-maven plugin.
Property | Description | Default Value
----------------------------|------------------------------------|------------------
autoUpdate | Sets whether auto-updating of the NVD CVE/CPE, retireJS and hosted suppressions data is enabled. It is not recommended that this be turned to false. | true
format | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, ALL). This configuration is ignored if `formats` is defined. This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
formats | A list of report formats to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, ALL). This configuration overrides the value from `format`. This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | &nbsp;
format | The report format to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). This configuration is ignored if `formats` is defined. This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | HTML
formats | A list of report formats to be generated (HTML, XML, CSV, JSON, JUNIT, SARIF, JENKINS, GITLAB, ALL). This configuration overrides the value from `format`. This configuration option has no affect if using this within the Site plugin unless the externalReport is set to true. | &nbsp;
junitFailOnCVSS | If using the JUNIT report format the junitFailOnCVSS sets the CVSS score threshold that is considered a failure. | 0
prettyPrint | Whether the XML and JSON formatted reports should be pretty printed. | false
failBuildOnCVSS | Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified. The default is 11 which means since the CVSS scores are 0-10, by default the build will never fail. More information on CVSS scores can be found at the [NVD](https://nvd.nist.gov/vuln-metrics/cvss) | 11