The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

OWASP Dependency-Check Plugin

dependencyCheckPublisher: Publish Dependency-Check results

  • failedNewCritical : int (optional)
  • failedNewHigh : int (optional)
  • failedNewLow : int (optional)
  • failedNewMedium : int (optional)
  • failedTotalCritical : int (optional)
  • failedTotalHigh : int (optional)
  • failedTotalLow : int (optional)
  • failedTotalMedium : int (optional)
  • newThresholdAnalysisExploitable : boolean (optional)
  • pattern : String (optional)
  • stopBuild : boolean (optional)
  • totalThresholdAnalysisExploitable : boolean (optional)
  • unstableNewCritical : int (optional)
  • unstableNewHigh : int (optional)
  • unstableNewLow : int (optional)
  • unstableNewMedium : int (optional)
  • unstableTotalCritical : int (optional)
  • unstableTotalHigh : int (optional)
  • unstableTotalLow : int (optional)
  • unstableTotalMedium : int (optional)

step([$class: 'DependencyCheckPublisher']): Publish Dependency-Check results

  • failedNewCritical : int (optional)
  • failedNewHigh : int (optional)
  • failedNewLow : int (optional)
  • failedNewMedium : int (optional)
  • failedTotalCritical : int (optional)
  • failedTotalHigh : int (optional)
  • failedTotalLow : int (optional)
  • failedTotalMedium : int (optional)
  • newThresholdAnalysisExploitable : boolean (optional)
  • pattern : String (optional)
    Specifies the Dependency-Check XML report to parse. If not specified, the value will default to **/dependency-check-report.xml.
  • stopBuild : boolean (optional)
    If enabled, it stops the build when one of failed threshold is violated. It does not on unstable threshold.
  • totalThresholdAnalysisExploitable : boolean (optional)
  • unstableNewCritical : int (optional)
  • unstableNewHigh : int (optional)
  • unstableNewLow : int (optional)
  • unstableNewMedium : int (optional)
  • unstableTotalCritical : int (optional)
  • unstableTotalHigh : int (optional)
  • unstableTotalLow : int (optional)
  • unstableTotalMedium : int (optional)

dependencyCheck: Invoke Dependency-Check

  • odcInstallation : String
  • additionalArguments : String (optional)
    Defines the arguments to pass to the command-line tool. By default, the following options will be passed if not specified:

    --project The name of the Jenkins job
    --scan The build workspace
    --format XML
  • nvdCredentialsId : String (optional)

    With 9.0.0 dependency-check has moved from using the NVD data-feed to the NVD API.
    Users of dependency-check are highly encouraged to obtain an NVD API Key; see https://nvd.nist.gov/developers/request-an-api-key
    Without an NVD API Key dependency-check's updates will be extremely slow.

    The NVD API Key, CI, and Rate Limiting
    The NVD API has enforced rate limits. If you are using a single API KEY and multiple builds occur you could hit the rate limit and receive 403 errors.
    In a CI environment one must use a caching strategy or use a set API KEY to use for different jobs.

  • skipOnScmChange : boolean (optional)
    If enabled, a Dependency-Check analysis will not be performed if the job was triggered by an SCM change.
  • skipOnUpstreamChange : boolean (optional)
    If enabled, a Dependency-Check analysis will not be performed if the job was triggered by an upstream change.
  • stopBuild : boolean (optional)
    If enabled, it stops the build when the Dependency-Check analysis exit with code different than 0.

Was this page helpful?

Please submit your feedback about this page through this quick form.

Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

    


See existing feedback here.