diff --git a/ant/src/site/markdown/config-update.md b/ant/src/site/markdown/config-update.md index b310bc48788..44c7cf7789e 100644 --- a/ant/src/site/markdown/config-update.md +++ b/ant/src/site/markdown/config-update.md @@ -26,8 +26,8 @@ The following properties can be set on the dependency-check-update task. | proxyUsername | Defines the proxy user name. |   | | proxyPassword | Defines the proxy password. |   | | nonProxyHosts | Defines the hosts that will not be proxied. |   | -| connectionTimeout | The URL Connection Timeout (in milliseconds). | 10000 | -| readtimeout | The URL Read Timeout (in milliseconds). | 60000 | +| connectionTimeout | Sets the connection timeout (in milliseconds) used when downloading external data. | 10000 | +| readTimeout | Sets the read timeout (in milliseconds) used when downloading external data. | 60000 | | retireJsAnalyzerEnabled | Sets whether the RetireJS Analyzer update and analyzer are enabled. | true | Advanced Configuration diff --git a/ant/src/site/markdown/configuration.md b/ant/src/site/markdown/configuration.md index 0556f752ad6..8203ca8840e 100644 --- a/ant/src/site/markdown/configuration.md +++ b/ant/src/site/markdown/configuration.md @@ -51,8 +51,8 @@ The following properties can be set on the dependency-check task. | proxyUsername | Defines the proxy user name. |   | | proxyPassword | Defines the proxy password. |   | | nonProxyHosts | Defines the hosts that will not be proxied. |   | -| connectionTimeout | The URL Connection Timeout (in milliseconds). | 10000 | -| readtimeout | The URL Read Timeout (in milliseconds). | 60000 | +| connectionTimeout | Sets the connection timeout (in milliseconds) used when downloading external data. | 10000 | +| readTimeout | Sets the read timeout (in milliseconds) used when downloading external data. | 60000 | | enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false | | enableRetired | Enable the [retired analyzers](../analyzers/index.html). If not enabled the retired analyzers (see below) will not be loaded or used. | false | | suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). The parameter value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/dependency-check/DependencyCheck/issues/1878#issuecomment-487533799) |   | diff --git a/maven/src/site/markdown/configuration.md b/maven/src/site/markdown/configuration.md index e750b170b93..df0417a01a2 100644 --- a/maven/src/site/markdown/configuration.md +++ b/maven/src/site/markdown/configuration.md @@ -166,8 +166,8 @@ Note that any passwords in the below configuration could be exposed if you use ` | suppressionFileUser | If you don't want register user/password in settings.xml, you can specify Basic username. |   | | suppressionFilePassword | If you don't want register user/password in settings.xml, you can specify Basic password, but be aware that if you use -X the secret will be written to the standard out. |   | | suppressionFileBearerToken | If you don't want register token as password in settings.xml, you can specify Bearer token, but be aware that if you use -X the secret will be written to the standard out. |   | -| connectionTimeout | Sets the URL Connection Timeout (in milliseconds) used when downloading external data. | 10000 | -| readTimeout | Sets the URL Read Timeout (in milliseconds) used when downloading external data. | 60000 | +| connectionTimeout | Sets the connection timeout (in milliseconds) used when downloading external data. | 10000 | +| readTimeout | Sets the read timeout (in milliseconds) used when downloading external data. | 60000 | | dataDirectory | Sets the data directory to hold SQL CVEs contents. This should generally not be changed. | ~/.m2/repository/org/owasp/dependency-check-data/ | | databaseDriverName | The database driver full classname; note, only needs to be set if the driver is not JDBC4 compliant or the JAR is outside of the class path. |   | | databaseDriverPath | The path to the database driver JAR file; only needs to be set if the driver is not in the class path. |   | diff --git a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md index 9776a6003a5..959feffc9c2 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md +++ b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md @@ -72,6 +72,8 @@ The following properties can be configured in the dependencyCheck task. However, |   | suppressionFileUser | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFilePassword | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFileBearerToken | Credentials used for bearer authentication for web-hosted suppression files |   | +|   | connectionTimeout | Sets the connection timeout used when downloading external data. | 10000 | +|   | readTimeout | Sets the read timeout used when downloading external data. | 60000 | | nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |   | | nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 | | nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 | @@ -97,7 +99,7 @@ The following properties can be configured in the dependencyCheck task. However, | hostedSuppressions | password | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | bearerToken | Credentials used for bearer authentication for the hosted suppressions file. |   | | hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file . | 2 | -| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true | +| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. See `analyzers.ossIndex.validForHours` for configuration. | true | | cache | central | Sets whether the Central Analyzer will cache results. Cached results expire after 30 days. | true | | cache | nodeAudit | Sets whether the Node Audit Analyzer should cache results locally. Cached results expire after 24 hours. | true | diff --git a/src/site/markdown/dependency-check-gradle/configuration-update.md b/src/site/markdown/dependency-check-gradle/configuration-update.md index 17d6fc9ca42..0cbda036c01 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-update.md +++ b/src/site/markdown/dependency-check-gradle/configuration-update.md @@ -46,6 +46,8 @@ The following properties can be configured in the dependencyCheck task. However, | Config Group | Property | Description | Default Value | |--------------------|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------| +|   | connectionTimeout | Sets the connection timeout used when downloading external data. | 10000 | +|   | readTimeout | Sets the read timeout used when downloading external data. | | | nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |   | | nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 | | nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 | @@ -64,11 +66,11 @@ The following properties can be configured in the dependencyCheck task. However, | data | password | The password used when connecting to the database. |   | | hostedSuppressions | enabled | Whether the hosted suppressions file will be used. | true | | hostedSuppressions | forceupdate | Sets whether hosted suppressions file will update regardless of the `autoupdate` setting. | false | -| hostedSuppressions | url | The URL to (a mirror of) the hosted suppressions file. | https://dependency-check.github.io/DependencyCheck/suppressions/publishedSuppressions.xml | +| hostedSuppressions | url | The URL to a mirrored copy of the hosted suppressions file for internet-constrained environments. | https://dependency-check.github.io/DependencyCheck/suppressions/publishedSuppressions.xml | | hostedSuppressions | user | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | password | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | bearerToken | Credentials used for bearer authentication for the hosted suppressions file. |   | -| hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file . | 2 | +| hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file. | 2 | #### Example diff --git a/src/site/markdown/dependency-check-gradle/configuration.md b/src/site/markdown/dependency-check-gradle/configuration.md index dbc8495dc1a..6e3c81a73b3 100644 --- a/src/site/markdown/dependency-check-gradle/configuration.md +++ b/src/site/markdown/dependency-check-gradle/configuration.md @@ -72,6 +72,8 @@ The following properties can be configured in the dependencyCheck task. However, |   | suppressionFileUser | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFilePassword | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFileBearerToken | Credentials used for bearer authentication for web-hosted suppression files |   | +|   | connectionTimeout | Sets the connection timeout used when downloading external data. | 10000 | +|   | readTimeout | Sets the read timeout used when downloading external data. | 60000 | | nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |   | | nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 | | nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 | @@ -97,7 +99,7 @@ The following properties can be configured in the dependencyCheck task. However, | hostedSuppressions | password | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | bearerToken | Credentials used for bearer authentication for the hosted suppressions file. |   | | hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file . | 2 | -| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true | +| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. See `analyzers.ossIndex.validForHours` for configuration. | true | | cache | central | Sets whether the Central Analyzer will cache results. Cached results expire after 30 days. | true | | cache | nodeAudit | Sets whether the Node Audit Analyzer should cache results locally. Cached results expire after 24 hours. | true |