...
The OWASP Dependency-Check Pack is a separate tool and must connect to DTP to send results to your DTP project. Specify the following settings in the settings.properties file located in the installation directory:
| Setting | Description |
| --- | --- |
| dtp.server | Specifies the host name of the DTP server. |
| dtp.port | Specifies the DTP port number. Default is 8443. |
| dtp.user | Specifies the username for DTP authentication. |
| dtp.password | Specifies the user password for DTP authentication. You can encode your DTP password by running the dependency.sh or dependency.bat with the |
| dtp.project | Specifies the name of the existing DTP project that you want to link to. |
| build.id | Specifies the build that the data should be associated with. For accurate results, the build ID should match the build ID configured in your static analysis tool. |
Usage
If you have not already done so, execute OWASP Dependency-Check. The results should be output to an XML file. To send these results to Parasoft DTP using OWASP Dependency-Check Pack:
- Open a command prompt and navigate to the OWASP Dependency-Check Pack installation directory.
- Execute the .BAT or .SH script, specifying the OWASP Dependency-Check results file with the -results.file parameter, for example:

      ./dependencycheck.sh -results.file="/Users/admin/Desktop/dependency_check.xml"
-results.file is the only required parameter, but you can pass the following optional parameters:
- -parasoft.local.storage.dir: This setting specifies the location for generated log files. The recommended location is ${project.base.dir}/.dependencycheck. For example: -parasoft.local.storage.dir=.dependencycheck
- -settings: By default, the OWASP Dependency-Check Pack will reference the settings.properties file in the installation directory, but you can use this setting to point to alternate configuration files. Example: -settings=C:\my-team-configs\my-settings.properties
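Because settings.properties holds dtp.password, a pre-flight check before running the pack can catch a file that other accounts can read, or a setting that was left empty. The script below is an added example, not part of the Parasoft documentation or tooling; the function names prop_get and check_settings are hypothetical, and it assumes plain key=value lines and that all six documented settings should be set.

```shell
#!/bin/sh
# Added example: pre-flight check for the pack's settings.properties.
# Assumption: every setting documented on this page is expected to be set.
REQUIRED_KEYS="dtp.server dtp.port dtp.user dtp.password dtp.project build.id"

# Print the value of key $2 in properties file $1 (last assignment wins).
prop_get() {
    # Escape dots so "dtp.port" cannot match "dtpXport".
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the file passes every check, 1 otherwise; findings go to stderr.
check_settings() {
    file=$1
    rc=0
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    # The file stores dtp.password, so all six must be unset.
    if [ "$(ls -ld -- "$file" | cut -c5-10)" != "------" ]; then
        echo "$file is accessible to group/other; run: chmod 600 $file" >&2
        rc=1
    fi
    for key in $REQUIRED_KEYS; do
        if [ -z "$(prop_get "$file" "$key")" ]; then
            echo "missing or empty: $key" >&2
            rc=1
        fi
    done
    port=$(prop_get "$file" dtp.port)
    case $port in
        *[!0-9]*) echo "dtp.port is not numeric: '$port'" >&2; rc=1 ;;
    esac
    return $rc
}
```

Call check_settings with the path to the settings file (the default one or the file passed via -settings) and run the pack's script only if it returns 0.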
...