Commit d9da9d46 authored by Bertrand Goareguer's avatar Bertrand Goareguer Committed by Girija Saint Ange
docs: how to set NVD api key and data feed url for dependency-check

parent 81a2de79
......@@ -151,6 +151,21 @@ A Dependency Check is a quite long operation and therefore the job is configured
However, if you want to enable an automatic Dependency-Check scan, you will have to override the `rules` keyword for the `mvn-dependency-check` job.
Dependency-Check fetches its vulnerbility database from the NVD API which has rate limiting. Using an NVD API key, the rate limit is higher which reduces the execution time of Dependency-Check.
In order to configure an NVD API key you need to:
* Set the `NVD_API_KEY` variable with your NVD API key. :warning: This is a sensitive value, so we recommend you add it as a **masked** Gitlab variable
* Add `-DnvdApiKey=$NVD_API_KEY` to `MAVEN_DEPENDENCY_CHECK_ARGS`
In case your Gitlab runners cannot contact the NVD API (e.g. if they are not allowed to connect to the Internet), you can maintain a local data feed cache with the [vulnz](https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz) tool.
In order to configure Dependency-Check to fetch the vulnerabilities from your cache you need to:
* Run the [vulnz](https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz) tool in order to fetch the vulnerabilities and store them as data feeds (the data feeds will be stored as JSON files with the NVD Vulnerability Data API version 2.0 schema)
* Make these data feeds accessible via a URL reachable by your Gitlab runners
* Add `-DnvdDatafeedUrl=https://URL-OF-LOCAL-CACHE` to `MAVEN_DEPENDENCY_CHECK_ARGS`
Furthermore, if you want to upload Dependency-Check reports to SonarQube, you have to:
* Move `mvn-dependency-check` to the `build` stage
......
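Review bot: the local-cache steps (the three bullets under "In order to configure Dependency-Check to fetch the vulnerabilities from your cache") never say how often the vulnz feed has to be refreshed; a cache populated once goes stale and the scan silently stops reporting newly published CVEs, so add a sentence such as "Run vulnz on a schedule (for example a nightly job) so the data feeds stay current." It would also help to state that `https://URL-OF-LOCAL-CACHE` should be served over TLS from a host your team controls, since a modified or truncated feed hides findings rather than failing loudly. Two smaller points: "vulnerbility" in "Dependency-Check fetches its vulnerbility database" is a typo for "vulnerability", and "Gitlab" should be spelled "GitLab" (three occurrences in the added lines).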