ossindex:audit

Vulnerability audit of project dependencies via Sonatype OSS Index.

Full name
org.sonatype.ossindex.maven:ossindex-maven-plugin:3.1.0:audit
Since
3.0.0
Requires Project
true
Requires Online
false
Requires Direct Invocation
false
Thread-safe
false

Parameters

13 parameters
Name Type Since Description
authId java.lang.String Set client authentication from Maven settings server configuration.
baseUrl java.net.URI Override Sonatype OSS Index service base-URL.
clientConfiguration org.sonatype.ossindex.service.client.OssindexClientConfiguration Sonatype OSS Index client configuration.
cvssScoreThreshold float CVSS-score threshold. Vulnerabilities with lower scores will be excluded.
excludeCoordinates java.util.Set Set of coordinates to exclude from vulnerability matching.
excludeCoordinatesCsv java.lang.String Set excludeCoordinates from a comma-separated list.
excludeVulnerabilityIds java.util.Set Set of Sonatype OSS Index vulnerability identifiers to exclude from matching.
excludeVulnerabilityIdsCsv java.lang.String Set excludeVulnerabilityIds from a comma-separated list.
fail boolean When vulnerable components are found; fail the build.
reportFile java.io.File Export component-report to file. Supports .json, .xml and .txt extensions.
scope java.lang.String Limit scope of dependency resolution.
skip boolean Skip execution.
transitive boolean Include transitive dependencies.

authId

Set client authentication from Maven settings server configuration.

Type
java.lang.String
Required
false
User Property
${ossindex.authId}

baseUrl

Override Sonatype OSS Index service base-URL.

Type
java.net.URI
Required
false
User Property
${ossindex.baseUrl}

clientConfiguration

Sonatype OSS Index client configuration.

Type
org.sonatype.ossindex.service.client.OssindexClientConfiguration
Required
false

cvssScoreThreshold

CVSS-score threshold. Vulnerabilities with lower scores will be excluded.

Type
float
Required
false
Default Value
0
User Property
${ossindex.cvssScoreThreshold}

excludeCoordinates

Set of coordinates to exclude from vulnerability matching.

Type
java.util.Set
Required
false

excludeCoordinatesCsv

Set excludeCoordinates from a comma-separated list.

Type
java.lang.String
Required
false
User Property
${ossindex.excludeCoordinates}

excludeVulnerabilityIds

Set of Sonatype OSS Index vulnerability identifiers to exclude from matching.

Type
java.util.Set
Required
false

excludeVulnerabilityIdsCsv

Set excludeVulnerabilityIds from a comma-separated list.

Type
java.lang.String
Required
false
User Property
${ossindex.excludeVulnerabilityIds}

fail

When vulnerable components are found; fail the build.

Type
boolean
Required
false
Default Value
true
User Property
${ossindex.fail}

reportFile

Export component-report to file. Supports .json, .xml and .txt extensions.

Type
java.io.File
Required
false
User Property
${ossindex.reportFile}

scope

Limit scope of dependency resolution.

Type
java.lang.String
Required
false
User Property
${ossindex.scope}

skip

Skip execution.

Type
boolean
Required
false
Default Value
false
User Property
${ossindex.skip}

transitive

Include transitive dependencies.

Type
boolean
Required
false
Default Value
true
User Property
${ossindex.transitive}