jeremylong · jeremylong · Nov 11, 2024 · Nov 9, 2024
diff --git a/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java b/ant/src/main/java/org/owasp/dependencycheck/taskdefs/Check.java
@@ -430,6 +430,10 @@ public class Check extends Update {
      * The Artifactory bearer token.
      */
     private String artifactoryAnalyzerBearerToken;
+    /**
+     * Whether the version check is enabled
+     */
+    private Boolean versionCheckEnabled;
 
     //The following code was copied Apache Ant PathConvert
     //BEGIN COPY from org.apache.tools.ant.taskdefs.PathConvert
@@ -442,6 +446,25 @@ public class Check extends Update {
      */
     private Reference refId = null;
 
+    /**
+     * Returns whether the version check is enabled.
+     *
+     * @return true if the version check is enabled; otherwise false.
+     */
+    public Boolean getVersionCheckEnabled() {
+        return versionCheckEnabled;
+    }
+
+    /**
+     * Sets whether the version check is enabled.
+     *
+     * @param versionCheckEnabled a Boolean indicating if the version check is
+     * enabled.
+     */
+    public void setVersionCheckEnabled(Boolean versionCheckEnabled) {
+        this.versionCheckEnabled = versionCheckEnabled;
+    }
+
     /**
      * Add an arbitrary ResourceCollection.
      *
@@ -947,7 +970,7 @@ public Boolean isComposerAnalyzerEnabled() {
     public void setComposerAnalyzerEnabled(Boolean composerAnalyzerEnabled) {
         this.composerAnalyzerEnabled = composerAnalyzerEnabled;
     }
-    
+
     /**
      * Get the value of composerAnalyzerSkipDev.
      *
@@ -2173,6 +2196,7 @@ protected void populateSettings() throws BuildException {
         super.populateSettings();
         getSettings().setBooleanIfNotNull(Settings.KEYS.AUTO_UPDATE, autoUpdate);
         getSettings().setArrayIfNotEmpty(Settings.KEYS.SUPPRESSION_FILE, suppressionFiles);
+        getSettings().setBooleanIfNotNull(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED, versionCheckEnabled);
         getSettings().setStringIfNotEmpty(Settings.KEYS.HINTS_FILE, hintsFile);
         getSettings().setBooleanIfNotNull(Settings.KEYS.ANALYZER_EXPERIMENTAL_ENABLED, enableExperimental);
         getSettings().setBooleanIfNotNull(Settings.KEYS.PRETTY_PRINT, prettyPrint);

diff --git a/ant/src/site/markdown/configuration.md b/ant/src/site/markdown/configuration.md
@@ -138,6 +138,7 @@ pathToCore                          | The path to dotnet core .NET assembly anal
 golangDepEnabled                    | Sets whether the [experimental](../analyzers/index.html) Golang Dependency Analyzer should be used. `enableExperimental` must be set to true. | true
 golangModEnabled                    | Sets whether the [experimental](../analyzers/index.html) Goland Module Analyzer should be used; requires `go` to be installed. `enableExperimental` must be set to true. | true
 pathToGo                            | The path to `go`.                                                                                          | &nbsp;
+versionCheckEnabled                 | Whether dependency-check should check if a new version of dependency-check-maven exists.                   | true
 
 Advanced Configuration
 ====================

diff --git a/cli/src/main/java/org/owasp/dependencycheck/App.java b/cli/src/main/java/org/owasp/dependencycheck/App.java
@@ -513,6 +513,8 @@ protected void populateSettings(CliParser cli) throws InvalidSettingException {
                 cli.hasOption(CliParser.ARGUMENT.RETIREJS_FILTER_NON_VULNERABLE));
         settings.setBoolean(Settings.KEYS.ANALYZER_JAR_ENABLED,
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_JAR, Settings.KEYS.ANALYZER_JAR_ENABLED));
+        settings.setBoolean(Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED,
+                !cli.isDisabled(CliParser.ARGUMENT.DISABLE_VERSION_CHECK, Settings.KEYS.UPDATE_VERSION_CHECK_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED,
                 !cli.isDisabled(CliParser.ARGUMENT.DISABLE_MSBUILD, Settings.KEYS.ANALYZER_MSBUILD_PROJECT_ENABLED));
         settings.setBoolean(Settings.KEYS.ANALYZER_ARCHIVE_ENABLED,

diff --git a/cli/src/main/java/org/owasp/dependencycheck/CliParser.java b/cli/src/main/java/org/owasp/dependencycheck/CliParser.java
@@ -341,6 +341,7 @@ private void addStandardOptions(final Options options) {
                         "The file path to write verbose logging information."))
                 .addOptionGroup(newOptionGroup(newOptionWithArg(ARGUMENT.SUPPRESSION_FILES, "file",
                         "The file path to the suppression XML file. This can be specified more then once to utilize multiple suppression files")))
+                .addOption(newOption(ARGUMENT.DISABLE_VERSION_CHECK, "Disables the dependency-check version check"))
                 .addOption(newOption(ARGUMENT.EXPERIMENTAL, "Enables the experimental analyzers."))
                 .addOption(newOptionWithArg(ARGUMENT.NVD_API_KEY, "apiKey", "The API Key to access the NVD API."))
                 .addOption(newOptionWithArg(ARGUMENT.FAIL_ON_CVSS, "score",
@@ -1038,6 +1039,11 @@ public static class ARGUMENT {
          * should not be automatically updated.
          */
         public static final String DISABLE_AUTO_UPDATE = "noupdate";
+        /**
+         * The long CLI argument name specifying that the version check should
+         * not be performed.
+         */
+        public static final String DISABLE_VERSION_CHECK = "disableVersionCheck";
         /**
          * The short CLI argument name specifying that the CPE/CVE/etc. data
          * should not be automatically updated.

diff --git a/cli/src/site/markdown/arguments.md b/cli/src/site/markdown/arguments.md
@@ -106,7 +106,8 @@ Advanced Options
 |       | \-\-disableGolangMod                  |                 | Sets whether the [experimental](../analyzers/index.html) Go Mod Analyzer should be used.                                                                                                                                                                                                                                           | &nbsp;        |
 |       | \-\-disableMixAudit                   |                 | Sets whether the [experimental](../analyzers/index.html) Elixir mix audit Analyze should be used.                                                                                                                                                                                                                                  | &nbsp;        |
 |       | \-\-disablePoetry                     |                 | Sets whether the [experimental](../analyzers/index.html) Poetry Analyzer should be used.                                                                                                                                                                                                                                           | &nbsp;        |
-|       | \-\-go                                | \<path\>        | The path to `go` executable for the Go Mode Analyzer; only necessary if `go` is not on the path.                                                                                                       | &nbsp;        |
+|       | \-\-disableVersionCheck               |                 | Sets whether dependency-check should check if a new version is available.                                                                                                                                                                                                                                                          | &nbsp;        |
+|       | \-\-go                                | \<path\>        | The path to `go` executable for the Go Mode Analyzer; only necessary if `go` is not on the path.                                                                                                                                                                                                                                   | &nbsp;        |
 |       | \-\-bundleAudit                       |                 | The path to the bundle-audit executable.                                                                                                                                                                                                                                                                                           | &nbsp;        |
 |       | \-\-bundleAuditWorkingDirectory       | \<path\>        | The path to working directory that the bundle-audit command should be executed from when doing Gem bundle analysis.                                                                                                                                                                                                                | &nbsp;        |
 |       | \-\-proxyserver                       | \<server\>      | The proxy server to use when downloading resources; see the [proxy configuration](../data/proxy.html) page for more information.                                                                                                                                                                                                   | &nbsp;        |