|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.bitbake.build.env.name |
oe-init-build-env |
|
The name of the build environment init script |
|
|
| --detect.bitbake.package.names |
|
|
A comma separated list of package names to extract dependencies from |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --blackduck.api.token |
|
|
Black Duck API Token |
|
|
| --blackduck.offline.mode |
false |
|
This can disable any Black Duck communication - if true, Detect will not upload BDIO files, it will not check policies, and it will not download and install the signature scanner. |
|
|
| --blackduck.password |
|
|
Black Duck password |
|
|
| --blackduck.proxy.host |
|
|
Proxy host |
|
|
| --blackduck.proxy.ignored.hosts |
|
|
Comma separated list of host patterns that should not use the proxy |
|
|
| --blackduck.proxy.ntlm.domain |
|
|
Ntlm Proxy domain |
|
|
| --blackduck.proxy.ntlm.workstation |
|
|
Ntlm Proxy workstation |
|
|
| --blackduck.proxy.password |
|
|
Proxy password |
|
|
| --blackduck.proxy.port |
|
|
Proxy port |
|
|
| --blackduck.proxy.username |
|
|
Proxy username |
|
|
| --blackduck.timeout |
120 |
|
Time to wait for rest connections to complete |
|
|
| --blackduck.trust.cert |
false |
|
If true, automatically trust the certificate for the current run of Detect only |
|
|
| --blackduck.url |
|
|
URL of the Black Duck server |
|
|
| --blackduck.username |
|
|
Black Duck username |
|
|
| --detect.disable.without.blackduck |
false |
|
If true, during initialization Detect will check for Black Duck connectivity and exit with status code 0 if it cannot connect. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.cleanup |
true |
|
If true the files created by Detect will be cleaned up. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.conda.environment.name |
|
|
The name of the anaconda environment used by your project |
|
|
| --detect.conda.path |
|
|
The path of the conda executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.cpan.path |
|
|
The path of the cpan executable |
|
|
| --detect.cpanm.path |
|
|
The path of the cpanm executable |
|
|
| --detect.perl.path |
|
|
The path of the perl executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.excluded.bom.tool.types |
|
|
By default, all tools will be included. If you want to exclude specific detectors, specify the ones to exclude here. If you want to exclude all tools, specify "ALL". Exclusion rules always win. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.excluded.detector.types in the future. |
| --detect.excluded.detector.types |
|
|
By default, all tools will be included. If you want to exclude specific detectors, specify the ones to exclude here. If you want to exclude all tools, specify "ALL". Exclusion rules always win. |
|
|
| --detect.included.bom.tool.types |
|
|
By default, all tools will be included. If you want to include only specific tools, specify the ones to include here. Exclusion rules always win. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.included.detector.types in the future. |
| --detect.included.detector.types |
|
|
By default, all tools will be included. If you want to include only specific tools, specify the ones to include here. Exclusion rules always win. |
|
|
| --detect.required.bom.tool.types |
|
|
If set, detect will fail if it does not find the bom tool types supplied here. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.required.detector.types in the future. |
| --detect.required.detector.types |
|
|
If set, detect will fail if it does not find the detector types supplied here. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.docker.image |
|
|
The docker image name to inspect. For detect to run docker either this property or detect.docker.tar must be set. |
|
|
| --detect.docker.inspector.air.gap.path |
|
|
The path to the directory containing the docker inspector script, jar, and images |
|
|
| --detect.docker.inspector.path |
|
|
This is used to override using the hosted script by github url. You can provide your own script at this path. |
|
|
| --detect.docker.inspector.version |
|
|
Version of the Docker Inspector to use. By default detect will attempt to automatically determine the version to use. |
|
|
| --detect.docker.path |
|
|
Path of the docker executable |
|
|
| --detect.docker.path.required |
true |
|
If set to false, detect will attempt to run docker even if it cannot find a docker path. |
|
|
| --detect.docker.tar |
|
|
A saved docker image - must be a .tar file. For detect to run docker either this property or detect.docker.image must be set. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.force.success |
false |
|
If true, detect will always exit with code 0. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.go.dep.path |
|
|
Path of the Go Dep executable |
|
|
| --detect.go.run.dep.init |
false |
|
If set to true, we will attempt to run 'init' and 'ensure' which can modify your development environment. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.gradle.build.command |
|
|
Gradle build command |
|
|
| --detect.gradle.excluded.configurations |
|
|
The names of the dependency configurations to exclude |
|
|
| --detect.gradle.excluded.projects |
|
|
The names of the projects to exclude |
|
|
| --detect.gradle.included.configurations |
|
|
The names of the dependency configurations to include |
|
|
| --detect.gradle.included.projects |
|
|
The names of the projects to include |
|
|
| --detect.gradle.inspector.air.gap.path |
|
|
The path to the directory containing the air gap dependencies for the gradle inspector |
|
|
| --detect.gradle.inspector.repository.url |
|
|
The respository gradle should use to look for the gradle inspector dependencies |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. In the future, the gradle inspector will no longer be downloaded from a custom repository, please use Detect Air Gap instead. |
| --detect.gradle.inspector.version |
|
|
The override version of the Gradle Inspector to use. By default, detect will try to automatically determine the correct gradle version. |
|
|
| --detect.gradle.path |
|
|
Path of the Gradle executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.hex.rebar3.path |
|
|
The path of the rebar3 executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --blackduck.hub.api.token |
|
|
Hub API Token |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.api.token in the future. |
| --blackduck.hub.offline.mode |
false |
|
This can disable any Hub communication - if true, Detect will not upload BDIO files, it will not check policies, and it will not download and install the signature scanner. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.offline.mode in the future. |
| --blackduck.hub.password |
|
|
Hub password |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.password in the future. |
| --blackduck.hub.proxy.host |
|
|
Proxy host |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.host in the future. |
| --blackduck.hub.proxy.ignored.hosts |
|
|
Comma separated list of host patterns that should not use the proxy |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.ignored.hosts in the future. |
| --blackduck.hub.proxy.ntlm.domain |
|
|
Ntlm Proxy domain |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.ntlm.domain in the future. |
| --blackduck.hub.proxy.ntlm.workstation |
|
|
Ntlm Proxy workstation |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.ntlm.workstation in the future. |
| --blackduck.hub.proxy.password |
|
|
Proxy password |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.password in the future. |
| --blackduck.hub.proxy.port |
|
|
Proxy port |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.port in the future. |
| --blackduck.hub.proxy.username |
|
|
Proxy username |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.proxy.username in the future. |
| --blackduck.hub.timeout |
120 |
|
Time to wait for rest connections to complete |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.timeout in the future. |
| --blackduck.hub.trust.cert |
false |
|
If true, automatically trust the certificate for the current run of Detect only |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.trust.cert in the future. |
| --blackduck.hub.url |
|
|
URL of the Hub server |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.url in the future. |
| --blackduck.hub.username |
|
|
Hub username |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --blackduck.username in the future. |
| --detect.disable.without.hub |
false |
|
If true, during initialization Detect will check for Hub connectivity and exit with status code 0 if it cannot connect. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.disable.without.blackduck in the future. |
| --detect.test.connection |
false |
|
Test the connection to Black Duck with the current configuration |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.suppress.configuration.output |
false |
|
If true, the default behavior of printing your configuration properties at startup will be suppressed. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is being removed. Configuration can no longer be suppressed individually. Log level can be used. |
| --detect.suppress.results.output |
false |
|
If true, the default behavior of printing the Detect Results will be suppressed. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is being removed. Results can no longer be suppressed individually. Log level can be used. |
| --logging.level.com.blackducksoftware.integration |
INFO |
ALL, TRACE, DEBUG, INFO, WARN, ERROR, FATAL, OFF |
The logging level of Detect |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.maven.build.command |
|
|
Maven build command |
|
|
| --detect.maven.excluded.modules |
|
|
The names of the module to exclude |
|
|
| --detect.maven.included.modules |
|
|
The names of the module to include |
|
|
| --detect.maven.path |
|
|
The path of the Maven executable |
|
|
| --detect.maven.scope |
|
|
The name of the dependency scope to include |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.npm.arguments |
|
|
A space-separated list of additional arguments to use when running Detect against an NPM project |
|
|
| --detect.npm.include.dev.dependencies |
true |
|
Set this value to false if you would like to exclude your dev dependencies when ran |
|
|
| --detect.npm.node.path |
|
|
The path of the node executable that is used by Npm |
|
|
| --detect.npm.path |
|
|
The path of the Npm executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.dotnet.path |
|
|
The path of the dotnet executable |
|
|
| --detect.nuget.config.path |
|
|
The path to the Nuget.Config file to supply to the nuget exe |
|
|
| --detect.nuget.excluded.modules |
|
|
The names of the projects in a solution to exclude |
|
|
| --detect.nuget.ignore.failure |
false |
|
If true errors will be logged and then ignored. |
|
|
| --detect.nuget.included.modules |
|
|
The names of the projects in a solution to include (overrides exclude) |
|
|
| --detect.nuget.inspector.air.gap.path |
|
|
The path to the directory containing the nuget inspector nupkg |
|
|
| --detect.nuget.inspector.name |
IntegrationNugetInspector |
|
Name of the Nuget Inspector package and the Nuget Inspector exe. (Do not include .exe) |
The nuget inspector (previously) could be hosted on a custom nuget feed. In this case, detect needed to know the name of the package to pull and the name of the exe file (which has to match). In the future, detect will only retreive it from Artifactory or from Air Gap so a custom name is no longer supported. |
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. In the future, detect will not look for a custom named inspector. |
| --detect.nuget.inspector.version |
|
|
Version of the Nuget Inspector. By default detect will communicate with Artifactory. |
|
|
| --detect.nuget.packages.repo.url |
https://api.nuget.org/v3/index.json |
|
The source for nuget packages |
Set this to "https://www.nuget.org/api/v2/" if your are still using a nuget client expecting the v2 api |
|
| --detect.nuget.path |
|
|
The path of the Nuget executable. Nuget is used to download the classic inspectors nuget package. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. In the future, detect will no longer need a nuget executable as it will download the inspector from Artifactory exclusively. |
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.packagist.include.dev.dependencies |
true |
|
Set this value to false if you would like to exclude your dev requires dependencies when ran |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.bash.path |
|
|
Path of the bash executable |
|
|
| --detect.bdio.output.path |
|
|
The output directory for all bdio files. If not set, the bdio files will be in a 'bdio' subdirectory of the output path. |
|
|
| --detect.bom.tool.search.continue |
false |
|
If true, the bom tool search will continue to look for nested bom tools of the same type to the maximum search depth, see the detailed help for more information. |
If true, Detect will find Maven projects that are in subdirectories of a Maven project and Gradle projects that are in subdirectories of Gradle projects, etc.
If false, Detect will only find bom tools in subdirectories of a project if they are of a different type such as an Npm project in a subdirectory of a Gradle project. |
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.detector.search.continue in the future. |
| --detect.bom.tool.search.depth |
0 |
|
Depth from source paths to search for files to determine if a bom tool applies. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.detector.search.depth in the future. |
| --detect.bom.tool.search.exclusion |
|
|
A comma-separated list of directory names to exclude from the bom tool search. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.detector.search.exclusion in the future. |
| --detect.bom.tool.search.exclusion.defaults |
true |
|
If true, the bom tool search will exclude the default directory names. See the detailed help for more information. |
If true, these directories will be excluded from the bom tool search: bin, build, .git, .gradle, node_modules, out, packages, target |
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.detector.search.exclusion.defaults in the future. |
| --detect.detector.search.continue |
false |
|
If true, the bom tool search will continue to look for nested bom tools of the same type to the maximum search depth, see the detailed help for more information. |
If true, Detect will find Maven projects that are in subdirectories of a Maven project and Gradle projects that are in subdirectories of Gradle projects, etc.
If false, Detect will only find bom tools in subdirectories of a project if they are of a different type such as an Npm project in a subdirectory of a Gradle project. |
|
| --detect.detector.search.depth |
0 |
|
Depth from source paths to search for files to determine if a detector applies. |
|
|
| --detect.detector.search.exclusion |
|
|
A comma-separated list of directory names to exclude from the bom tool search. |
|
|
| --detect.detector.search.exclusion.defaults |
true |
|
If true, the bom tool search will exclude the default directory names. See the detailed help for more information. |
If true, these directories will be excluded from the detector search: bin, build, .git, .gradle, node_modules, out, packages, target |
|
| --detect.java.path |
|
|
Path of the java executable |
|
|
| --detect.output.path |
|
|
Output path |
|
|
| --detect.project.bom.tool |
|
|
The detector to choose when multiple detector types are found and one needs to be chosen for project name and version. This property should be used with the detect.project.tool. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.project.detector in the future. |
| --detect.project.detector |
|
|
The detector to choose when multiple detector types are found and one needs to be chosen for project name and version. This property should be used with the detect.project.tool. |
|
|
| --detect.project.tool |
DETECTOR,DOCKER |
DETECTOR, DOCKER |
The tool priority for project name and version. The first tool in this list that provides a project name and version will be used. |
|
|
| --detect.resolve.tilde.in.paths |
true |
|
If set to false we will not automatically resolve the '~/' prefix in a mac or linux path to the user's home directory. |
|
|
| --detect.scan.output.path |
|
|
The output directory for all scan files. If not set, the scan files will be in a 'scan' subdirectory of the output path. |
|
|
| --detect.search.depth |
3 |
|
Depth from source paths to search for sbt report files. |
|
Will cause failures in version 5.0.0. Will be removed in version 6.0.0. This property is changing. Please use --detect.sbt.report.depth in the future. |
| --detect.source.path |
|
|
Source path to inspect |
|
|
| --detect.tools |
|
DETECTOR, DOCKER, SIGNATURE_SCAN, BINARY_SCAN, POLARIS, NONE, ALL |
The tools detect should allow in a comma-separated list. Included and not excluded tools will be allowed to run if all criteria of the tool is met. Exclusion rules always win. |
|
|
| --detect.tools.excluded |
|
DETECTOR, DOCKER, SIGNATURE_SCAN, BINARY_SCAN, POLARIS, NONE, ALL |
The tools detect should not allow in a comma-separated list. Excluded tools will not be run even if all criteria for the tool is met. Exclusion rules always win. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.pear.only.required.deps |
false |
|
Set to true if you would like to include only required packages |
|
|
| --detect.pear.path |
|
|
The path of the pear executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.pip.project.name |
|
|
The name of your pip project, to be used if your project's name cannot be correctly inferred from its setup.py file |
|
Will cause failures in version 5.0.0. Will be removed in version 6.0.0. This property is being removed. Please use --detect.project.name in the future. |
| --detect.pip.project.version.name |
|
|
The version of your pip project, to be used if your project's version name cannot be correctly inferred from its setup.py file |
|
Will cause failures in version 5.0.0. Will be removed in version 6.0.0. This property is being removed. Please use --detect.project.version.name in the future. |
| --detect.pip.requirements.path |
|
|
The path of the requirements.txt file |
|
|
| --detect.pipenv.path |
|
|
The path of the Pipenv executable |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.polaris.enabled |
false |
|
Set to false to disable the Synopsys Polaris Tool. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.tools and POLARIS in the future. |
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.policy.check.fail.on.severities |
|
ALL, BLOCKER, CRITICAL, MAJOR, MINOR, TRIVIAL |
A comma-separated list of policy violation severities that will fail detect. If this is not set, detect will not fail due to policy violations. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.api.timeout |
300000 |
|
Timeout for response from Black Duck regarding your project (i.e. risk reports and policy check). When changing this value, keep in mind the checking of policies might have to wait for a new scan to process which can take some time. |
|
|
| --detect.bom.aggregate.name |
|
|
If set, this will aggregate all the BOMs to create a single BDIO file with the name provided. |
|
|
| --detect.clone.project.version.name |
|
|
The name of the project version to clone this project version from. Respects the Clone Categories as set on the Black Duck server. |
|
|
| --detect.code.location.name |
|
|
An override for the name detect will use for the code location it creates. If supplied and multiple code locations are found, detect will append an index to each code location name. |
|
|
| --detect.default.project.version.scheme |
text |
|
The scheme to use when the package managers can not determine a version, either 'text' or 'timestamp' |
|
|
| --detect.default.project.version.text |
Default Detect Version |
|
The text to use as the default project version |
|
|
| --detect.default.project.version.timeformat |
yyyy-MM-dd\'T\'HH:mm:ss.SSS |
|
The timestamp format to use as the default project version |
|
|
| --detect.notices.report |
false |
|
When set to true, a Black Duck notices report in text form will be created in your source directory |
|
|
| --detect.notices.report.path |
. |
|
The output directory for notices report. Default is the source directory |
|
|
| --detect.project.clone.categories |
COMPONENT_DATA,VULN_DATA |
COMPONENT_DATA, VULN_DATA |
An override for the Project Clone Categories that are used when cloning a version. If the project already exists, make sure to use --detect.project.version.update to make sure these are set. |
|
|
| --detect.project.codelocation.prefix |
|
|
A prefix to the name of the codelocations created by Detect. Useful for running against the same projects on multiple machines. |
|
|
| --detect.project.codelocation.suffix |
|
|
A suffix to the name of the codelocations created by Detect. |
|
|
| --detect.project.codelocation.unmap |
false |
|
If set to true, unmaps all other code locations mapped to the project version produced by the current run of Detect. |
|
|
| --detect.project.description |
|
|
If project description is specified, your project version will be created with this description. |
|
|
| --detect.project.level.adjustments |
true |
|
An override for the Project level matches. |
|
|
| --detect.project.name |
|
|
An override for the name to use for the Black Duck project. If not supplied, detect will attempt to use the tools to figure out a reasonable project name. If that fails, the final part of the directory path where the inspection is taking place will be used. |
|
|
| --detect.project.tier |
|
1, 2, 3, 4, 5 |
If a Black Duck project tier is specified, your project will be created with this tier. |
|
|
| --detect.project.version.distribution |
External |
EXTERNAL, SAAS, INTERNAL, OPENSOURCE |
An override for the Project Version distribution |
|
|
| --detect.project.version.name |
|
|
An override for the version to use for the Black Duck project. If not supplied, detect will attempt to use the tools to figure out a reasonable version name. If that fails, the current date will be used. |
|
|
| --detect.project.version.notes |
|
|
If project version notes are specified, your project version will be created with these notes. |
|
|
| --detect.project.version.phase |
Development |
PLANNING, DEVELOPMENT, RELEASED, DEPRECATED, ARCHIVED |
An override for the Project Version phase. |
|
|
| --detect.project.version.update |
false |
|
If set to true, will update the Project Version with the configured properties. See detailed help for more information. |
When set to true, the following properties will be updated on the Project. Project tier (detect.project.tier) and Project Level Adjustments (detect.project.level.adjustments).
The following properties will also be updated on the Version. Version notes (detect.project.version.notes), phase (detect.project.version.phase), distribution (detect.project.version.distribution) |
|
| --detect.risk.report.pdf |
false |
|
When set to true, a Black Duck risk report in PDF form will be created |
|
|
| --detect.risk.report.pdf.path |
. |
|
The output directory for risk report in PDF. Default is the source directory |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.python.path |
|
|
The path of the Python executable |
|
|
| --detect.python.python3 |
false |
|
If true will use Python 3 if available on class path |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.sbt.excluded.configurations |
|
|
The names of the sbt configurations to exclude |
|
|
| --detect.sbt.included.configurations |
|
|
The names of the sbt configurations to include |
|
|
| --detect.sbt.report.search.depth |
3 |
|
Depth the sbt detector will use to search for report files. |
|
|
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.binary.scan.file.path |
|
|
The path of a binary file to scan. |
|
|
| --detect.blackduck.signature.scanner.arguments |
|
|
Additional arguments to use when running the Black Duck signature scanner. |
|
|
| --detect.blackduck.signature.scanner.disabled |
false |
|
Set to true to disable the Black Duck Signature Scanner. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.tools in the future. |
| --detect.blackduck.signature.scanner.dry.run |
false |
|
If set to true, the signature scanner results will not be uploaded to Black Duck and the scanner results will be written to disk. |
|
|
| --detect.blackduck.signature.scanner.exclusion.name.patterns |
node_modules |
|
Comma separated list of file name patterns to exclude from the signature scan. |
Detect will recursively search within the scan targets for files/directories that match these file name patterns and will create the corresponding exclusion patterns for the signature scanner.
These patterns will be added to the patterns provided by detect.blackduck.signature.scanner.exclusion.patterns |
|
| --detect.blackduck.signature.scanner.exclusion.pattern.search.depth |
4 |
|
Enables you to adjust the depth to which detect will search when creating signature scanner exclusion patterns |
|
|
| --detect.blackduck.signature.scanner.exclusion.patterns |
|
|
Enables you to specify sub-directories to exclude from scans |
|
|
| --detect.blackduck.signature.scanner.host.url |
|
|
If this url is set, an attempt will be made to use it to download the signature scanner. The server url provided must respect the Black Duck's urls for different operating systems. |
|
|
| --detect.blackduck.signature.scanner.local.path |
|
|
To use a local signature scanner, specify the path where the signature scanner was unzipped. This will likely look similar to 'scan.cli-x.y.z' and includes the 'bin, icon, jre, and lib' directories of the expanded scan.cli. |
|
|
| --detect.blackduck.signature.scanner.memory |
4096 |
|
The memory for the scanner to use. |
|
|
| --detect.blackduck.signature.scanner.offline.local.path |
|
|
To use a local signature scanner and force offline, specify the path where the signature scanner was unzipped. This will likely look similar to 'scan.cli-x.y.z' and includes the 'bin, icon, jre, and lib' directories of the expanded scan.cli. |
|
|
| --detect.blackduck.signature.scanner.parallel.processors |
1 |
|
The number of scans to run in parallel, defaults to 1, but if you specify -1, the number of processors on the machine will be used. |
|
|
| --detect.blackduck.signature.scanner.paths |
|
|
These paths and only these paths will be scanned. |
|
|
| --detect.blackduck.signature.scanner.snippet.mode |
false |
|
If set to true, the signature scanner will, if supported by your Black Duck version, run in snippet scanning mode. |
|
|
| --detect.hub.signature.scanner.arguments |
|
|
Additional arguments to use when running the Hub signature scanner. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.arguments in the future. |
| --detect.hub.signature.scanner.disabled |
false |
|
Set to true to disable the Hub Signature Scanner. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.tools in the future. |
| --detect.hub.signature.scanner.dry.run |
false |
|
If set to true, the signature scanner results will not be uploaded to the Hub and the scanner results will be written to disk. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.dry.run in the future. |
| --detect.hub.signature.scanner.exclusion.name.patterns |
node_modules |
|
Comma separated list of file name patterns to exclude from the signature scan. |
Detect will recursively search within the scan targets for files/directories that match these file name patterns and will create the corresponding exclusion patterns for the signature scanner.
These patterns will be added to the patterns provided by detect.hub.signature.scanner.exclusion.patterns |
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.exclusion.name.patterns in the future. |
| --detect.hub.signature.scanner.exclusion.patterns |
|
|
Enables you to specify sub-directories to exclude from scans |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.exclusion.patterns in the future. |
| --detect.hub.signature.scanner.host.url |
|
|
If this url is set, an attempt will be made to use it to download the signature scanner. The server url provided must respect the Hub's urls for different operating systems. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.host.url in the future. |
| --detect.hub.signature.scanner.local.path |
|
|
To use a local signature scanner, specify the path where the signature scanner was unzipped. This will likely look similar to 'scan.cli-x.y.z' and includes the 'bin, icon, jre, and lib' directories of the expanded scan.cli. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.local.path in the future. |
| --detect.hub.signature.scanner.memory |
4096 |
|
The memory for the scanner to use. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.memory in the future. |
| --detect.hub.signature.scanner.offline.local.path |
|
|
To use a local signature scanner and force offline, specify the path where the signature scanner was unzipped. This will likely look similar to 'scan.cli-x.y.z' and includes the 'bin, icon, jre, and lib' directories of the expanded scan.cli. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.offline.local.path in the future. |
| --detect.hub.signature.scanner.parallel.processors |
1 |
|
The number of scans to run in parallel, defaults to 1, but if you specify -1, the number of processors on the machine will be used. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.parallel.processors in the future. |
| --detect.hub.signature.scanner.paths |
|
|
These paths and only these paths will be scanned. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.paths in the future. |
| --detect.hub.signature.scanner.snippet.mode |
false |
|
If set to true, the signature scanner will, if supported by your Hub version, run in snippet scanning mode. |
|
Will cause failures in version 6.0.0. Will be removed in version 7.0.0. This property is changing. Please use --detect.blackduck.signature.scanner.snippet.mode in the future. |
|
| Property Name |
Default |
Acceptable Values |
Description |
Detailed Description |
Deprecation |
| --detect.yarn.path |
|
|
The path of the Yarn executable |
|
|
| --detect.yarn.prod.only |
false |
|
Set this to true to only scan production dependencies |
|
|