From 3040345a6e081ff3a856b76ad73dabbfbda83d50 Mon Sep 17 00:00:00 2001 From: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> Date: Fri, 8 May 2026 00:14:53 +0800 Subject: [PATCH 1/3] docs: Document connection timeout config for Gradle Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> --- .../markdown/dependency-check-gradle/configuration-aggregate.md | 2 ++ .../markdown/dependency-check-gradle/configuration-update.md | 2 ++ src/site/markdown/dependency-check-gradle/configuration.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md index f1f658d8ae8..2226c410a06 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md +++ b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md @@ -72,6 +72,8 @@ The following properties can be configured in the dependencyCheck task. However, |   | suppressionFileUser | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFilePassword | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFileBearerToken | Credentials used for bearer authentication for web-hosted suppression files |   | +|   | connectionTimeout | Sets the connection timeout used when downloading external data. | 10000 | +|   | readTimeout | Sets the read timeout used when downloading external data. | 60000 | | nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |   | | nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 | | nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 | diff --git a/src/site/markdown/dependency-check-gradle/configuration-update.md b/src/site/markdown/dependency-check-gradle/configuration-update.md index 17d6fc9ca42..3e9eef2cdd7 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-update.md +++ b/src/site/markdown/dependency-check-gradle/configuration-update.md @@ -46,6 +46,8 @@ The following properties can be configured in the dependencyCheck task. However, | Config Group | Property | Description | Default Value | |--------------------|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------| +|   | connectionTimeout | Sets the connection timeout used when downloading external data. | 10000 | +|   | readTimeout | Sets the read timeout used when downloading external data. | | | nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |   | | nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 | | nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 | diff --git a/src/site/markdown/dependency-check-gradle/configuration.md b/src/site/markdown/dependency-check-gradle/configuration.md index 4c93f3e753c..3d42620102f 100644 --- a/src/site/markdown/dependency-check-gradle/configuration.md +++ b/src/site/markdown/dependency-check-gradle/configuration.md @@ -72,6 +72,8 @@ The following properties can be configured in the dependencyCheck task. However, |   | suppressionFileUser | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFilePassword | Credentials used for basic authentication for web-hosted suppression files |   | |   | suppressionFileBearerToken | Credentials used for bearer authentication for web-hosted suppression files |   | +|   | connectionTimeout | Sets the connection timeout used when downloading external data. | 10000 | +|   | readTimeout | Sets the read timeout used when downloading external data. | 60000 | | nvd | apiKey | The API Key to access the NVD API; obtained from https://nvd.nist.gov/developers/request-an-api-key |   | | nvd | endpoint | The NVD API endpoint URL; setting this is uncommon. | https://services.nvd.nist.gov/rest/json/cves/2.0 | | nvd | maxRetryCount | The maximum number of retry requests for a single call to the NVD API. | 10 | From ebd057730cfdc4b39aef6a0de1bfbfc80a1b6c81 Mon Sep 17 00:00:00 2001 From: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> Date: Fri, 8 May 2026 00:15:49 +0800 Subject: [PATCH 2/3] docs: improve consistency of Gradle documentation for a couple of values Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> --- .../dependency-check-gradle/configuration-aggregate.md | 2 +- .../markdown/dependency-check-gradle/configuration-update.md | 4 ++-- src/site/markdown/dependency-check-gradle/configuration.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md index 2226c410a06..7b27112732f 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-aggregate.md +++ b/src/site/markdown/dependency-check-gradle/configuration-aggregate.md @@ -99,7 +99,7 @@ The following properties can be configured in the dependencyCheck task. However, | hostedSuppressions | password | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | bearerToken | Credentials used for bearer authentication for the hosted suppressions file. |   | | hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file . | 2 | -| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true | +| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. See `analyzers.ossIndex.validForHours` for configuration. | true | | cache | central | Sets whether the Central Analyzer will cache results. Cached results expire after 30 days. | true | | cache | nodeAudit | Sets whether the Node Audit Analyzer should cache results locally. Cached results expire after 24 hours. | true | diff --git a/src/site/markdown/dependency-check-gradle/configuration-update.md b/src/site/markdown/dependency-check-gradle/configuration-update.md index 3e9eef2cdd7..0cbda036c01 100644 --- a/src/site/markdown/dependency-check-gradle/configuration-update.md +++ b/src/site/markdown/dependency-check-gradle/configuration-update.md @@ -66,11 +66,11 @@ The following properties can be configured in the dependencyCheck task. However, | data | password | The password used when connecting to the database. |   | | hostedSuppressions | enabled | Whether the hosted suppressions file will be used. | true | | hostedSuppressions | forceupdate | Sets whether hosted suppressions file will update regardless of the `autoupdate` setting. | false | -| hostedSuppressions | url | The URL to (a mirror of) the hosted suppressions file. | https://dependency-check.github.io/DependencyCheck/suppressions/publishedSuppressions.xml | +| hostedSuppressions | url | The URL to a mirrored copy of the hosted suppressions file for internet-constrained environments. | https://dependency-check.github.io/DependencyCheck/suppressions/publishedSuppressions.xml | | hostedSuppressions | user | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | password | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | bearerToken | Credentials used for bearer authentication for the hosted suppressions file. |   | -| hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file . | 2 | +| hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file. | 2 | #### Example diff --git a/src/site/markdown/dependency-check-gradle/configuration.md b/src/site/markdown/dependency-check-gradle/configuration.md index 3d42620102f..5212ba81d16 100644 --- a/src/site/markdown/dependency-check-gradle/configuration.md +++ b/src/site/markdown/dependency-check-gradle/configuration.md @@ -99,7 +99,7 @@ The following properties can be configured in the dependencyCheck task. However, | hostedSuppressions | password | Credentials used for basic authentication for the hosted suppressions file. |   | | hostedSuppressions | bearerToken | Credentials used for bearer authentication for the hosted suppressions file. |   | | hostedSuppressions | validForHours | The number of hours to wait before checking for new updates of the hosted suppressions file . | 2 | -| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. Cached results expire after 24 hours. | true | +| cache | ossIndex | Sets whether the OSS Index Analyzer will cache results. See `analyzers.ossIndex.validForHours` for configuration. | true | | cache | central | Sets whether the Central Analyzer will cache results. Cached results expire after 30 days. | true | | cache | nodeAudit | Sets whether the Node Audit Analyzer should cache results locally. Cached results expire after 24 hours. | true | From afbd2bbac8ec55c2ea96f22f63652692fe6d7072 Mon Sep 17 00:00:00 2001 From: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> Date: Thu, 7 May 2026 17:50:23 +0800 Subject: [PATCH 3/3] docs: Document connection timeouts consistently with one another Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> --- ant/src/site/markdown/config-update.md | 4 ++-- ant/src/site/markdown/configuration.md | 4 ++-- maven/src/site/markdown/configuration.md | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ant/src/site/markdown/config-update.md b/ant/src/site/markdown/config-update.md index b310bc48788..44c7cf7789e 100644 --- a/ant/src/site/markdown/config-update.md +++ b/ant/src/site/markdown/config-update.md @@ -26,8 +26,8 @@ The following properties can be set on the dependency-check-update task. | proxyUsername | Defines the proxy user name. |   | | proxyPassword | Defines the proxy password. |   | | nonProxyHosts | Defines the hosts that will not be proxied. |   | -| connectionTimeout | The URL Connection Timeout (in milliseconds). | 10000 | -| readtimeout | The URL Read Timeout (in milliseconds). | 60000 | +| connectionTimeout | Sets the connection timeout (in milliseconds) used when downloading external data. | 10000 | +| readTimeout | Sets the read timeout (in milliseconds) used when downloading external data. | 60000 | | retireJsAnalyzerEnabled | Sets whether the RetireJS Analyzer update and analyzer are enabled. | true | Advanced Configuration diff --git a/ant/src/site/markdown/configuration.md b/ant/src/site/markdown/configuration.md index 8d86595c0c6..193efd17066 100644 --- a/ant/src/site/markdown/configuration.md +++ b/ant/src/site/markdown/configuration.md @@ -51,8 +51,8 @@ The following properties can be set on the dependency-check task. | proxyUsername | Defines the proxy user name. |   | | proxyPassword | Defines the proxy password. |   | | nonProxyHosts | Defines the hosts that will not be proxied. |   | -| connectionTimeout | The URL Connection Timeout (in milliseconds). | 10000 | -| readtimeout | The URL Read Timeout (in milliseconds). | 60000 | +| connectionTimeout | Sets the connection timeout (in milliseconds) used when downloading external data. | 10000 | +| readTimeout | Sets the read timeout (in milliseconds) used when downloading external data. | 60000 | | enableExperimental | Enable the [experimental analyzers](../analyzers/index.html). If not enabled the experimental analyzers (see below) will not be loaded or used. | false | | enableRetired | Enable the [retired analyzers](../analyzers/index.html). If not enabled the retired analyzers (see below) will not be loaded or used. | false | | suppressionFile | The file path to the XML suppression file \- used to suppress [false positives](../general/suppression.html). The parameter value can be a local file path, a URL to a suppression file, or even a reference to a file on the class path (see https://github.com/dependency-check/DependencyCheck/issues/1878#issuecomment-487533799) |   | diff --git a/maven/src/site/markdown/configuration.md b/maven/src/site/markdown/configuration.md index ec9f299d6eb..927af4ad5a9 100644 --- a/maven/src/site/markdown/configuration.md +++ b/maven/src/site/markdown/configuration.md @@ -166,8 +166,8 @@ Note that any passwords in the below configuration could be exposed if you use ` | suppressionFileUser | If you don't want register user/password in settings.xml, you can specify Basic username. |   | | suppressionFilePassword | If you don't want register user/password in settings.xml, you can specify Basic password, but be aware that if you use -X the secret will be written to the standard out. |   | | suppressionFileBearerToken | If you don't want register token as password in settings.xml, you can specify Bearer token, but be aware that if you use -X the secret will be written to the standard out. |   | -| connectionTimeout | Sets the URL Connection Timeout (in milliseconds) used when downloading external data. | 10000 | -| readTimeout | Sets the URL Read Timeout (in milliseconds) used when downloading external data. | 60000 | +| connectionTimeout | Sets the connection timeout (in milliseconds) used when downloading external data. | 10000 | +| readTimeout | Sets the read timeout (in milliseconds) used when downloading external data. | 60000 | | dataDirectory | Sets the data directory to hold SQL CVEs contents. This should generally not be changed. | ~/.m2/repository/org/owasp/dependency-check-data/ | | databaseDriverName | The database driver full classname; note, only needs to be set if the driver is not JDBC4 compliant or the JAR is outside of the class path. |   | | databaseDriverPath | The path to the database driver JAR file; only needs to be set if the driver is not in the class path. |   |