ossindex:audit-aggregate

Vulnerability audit of aggregate project dependencies via Sonatype OSS Index.

Parameters

13 parameters
Name Type Since Description
authId java.lang.String Set client authentication from Maven settings server configuration.
baseUrl java.net.URI Override Sonatype OSS Index service base-URL.
clientConfiguration org.sonatype.ossindex.service.client.OssindexClientConfiguration Sonatype OSS Index client configuration.
cvssScoreThreshold float CVSS-score threshold. Vulnerabilities with lower scores will be excluded.
excludeCoordinates java.util.Set Set of coordinates to exclude from vulnerability matching.
excludeCoordinatesCsv java.lang.String Set excludeCoordinates from a comma-separated list.
excludeVulnerabilityIds java.util.Set Set of Sonatype OSS Index vulnerability identifiers to exclude from matching.
excludeVulnerabilityIdsCsv java.lang.String Set excludeVulnerabilityIds from a comma-separated list.
fail boolean When vulnerable components are found; fail the build.
reportFile java.io.File Export component-report to file. Supports .json, .xml and .txt extensions.
scope java.lang.String Limit scope of dependency resolution.
skip boolean Skip execution.
transitive boolean Include transitive dependencies.

authId

Set client authentication from Maven settings server configuration.

baseUrl

Override Sonatype OSS Index service base-URL.

clientConfiguration

Sonatype OSS Index client configuration.

cvssScoreThreshold

CVSS-score threshold. Vulnerabilities with lower scores will be excluded.

excludeCoordinates

Set of coordinates to exclude from vulnerability matching.

excludeCoordinatesCsv

Set excludeCoordinates from a comma-separated list.

excludeVulnerabilityIds

Set of Sonatype OSS Index vulnerability identifiers to exclude from matching.

excludeVulnerabilityIdsCsv

Set excludeVulnerabilityIds from a comma-separated list.

fail

When vulnerable components are found; fail the build.

reportFile

Export component-report to file. Supports .json, .xml and .txt extensions.

scope

Limit scope of dependency resolution.

skip

Skip execution.

transitive

Include transitive dependencies.