FossID-DA has the functionality to detect a custom settings file and apply the settings found in the file to the current analysis configuration. The file has to be named:
fossid-settings.toml
How does it work?
The fossid-settings.toml
file can be added in the root of the scan that will be analyzed:
├── scan_test_1
├── aclocal
├── bower.json
├── CHANGES.md
├── CMakeLists.txt
├── CHANGES.md
├── complier
├── composer.json
├── LICENSE.txt
├── fossid-settings.toml
├── package.json
└── package-lock.json
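This file will be detected, and all the settings found in it will update the scan configuration. Because the file is read from the scanned tree itself, check its contents before analyzing code received from a third party: whatever it sets is applied to that analysis.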
What settings can be set in fossid-settings.toml?
As in fossid.conf, the following settings can be added in fossid-settings.toml:
1. List of dependency types that FDA should take into account when running dependency analysis:
[dependency-analysis]
# Dependency (package manager) types that FDA takes into account when
# running dependency analysis.
# Examples: ["Maven", "PyPI", "Gem", "Composer", "NPM", etc]
# To process all dependency types use: ["ALL"]
# NOTE(review): a list narrower than ["ALL"] presumably leaves manifests of
# the unlisted types unanalyzed; confirm, and record the list with the results.
supported_package_managers = ["ALL"]
2. Dependency manager versions settings:
[dependency-analysis.system_settings]
# Platform and dependency-manager/runtime versions used for the analysis.
# All values are strings.
# Listed platform values: win32, win64, darwin, debian, unix
# NOTE(review): the sample value "linux" is not among the values listed
# above; confirm which spellings FDA accepts.
da_os_type = "linux"
# NOTE(review): presumably the versions FDA assumes when resolving
# dependencies, not versions it installs; confirm against the config docs.
da_python_version = "3.11.4"
da_npm_version="7.24.2"
da_node_version="14.21.3"
da_ruby_version = "3.2.2"
da_gem_version = "3.0.3"
da_maven_version = "3.9.2"
da_scala_version = "2.11"
da_cocoapod_version="1.15.2"
da_swift_version="5.10"
da_dotnet_framework=".NETFramework4.5"
da_dotnet_standard=".NETStandard1.3"
3. Download settings (used with deep scan mode):
[dependency-analysis.download_options]
# Directory for downloads made in deep scan mode.
# NOTE(review): /tmp is normally shared and world-writable, and this name is
# fixed. How FDA creates and cleans this directory is not shown here; on a
# multi-user or CI host, prefer a directory owned by the scanning account
# with restrictive permissions.
da_download_path = "/tmp/fossid-da"
4. Scan settings:
[dependency-analysis.scan_options]
# Integer switches for the scan; every sample value is 0 or 1 (presumably
# off/on). The exact effect of each switch is not described here; see the
# FossID-DA config options documentation.
# NOTE(review): by their names, da_ignore_lock_manifests, da_only_unmanaged,
# da_ignore_hidden_files and da_allow_node_modules_processing affect which
# files are examined. Keep the values used with the scan results so the
# coverage of a report can be checked later.
da_ignore_lock_manifests = 0
da_single_dependency_versions = 1
da_only_unmanaged = 0
da_allow_dynamic_scopes = 1
da_allow_archive_scanning = 1
# Deep scan mode is the mode that uses [dependency-analysis.download_options].
da_deep_scan = 0
da_accept_pre_releases = 0
da_allow_node_modules_processing = 0
da_ignore_hidden_files = 1
da_allow_user_agent = 1
da_use_yarn = 0
5. Import scan settings:
[dependency-analysis.import_scan_options]
# Per-language import search switches (0/1). In this sample only the cpp
# switch is enabled; py and go are off.
# NOTE(review): presumably these detect dependencies from import/include
# statements in source files; confirm against the config docs.
da_cpp_import_search = 1
da_py_import_search = 0
da_go_import_search = 0
6. Git settings:
[dependency-analysis.git_options]
# Git user name and access token; both are empty in this sample.
# This file is placed in the root of the scanned tree, so a token written
# here is stored in plain text next to the source and can be committed,
# archived or shared along with it. If a token is needed, use one with the
# narrowest scope available, keep the populated file out of version
# control, and rotate the token if the file has been shared.
# NOTE(review): what FDA uses these credentials for is not stated here; confirm.
da_git_user = ""
da_git_token = ""
8. Dependency scope settings:
[dependency-analysis.dependency_scopes]
# Switches (0/1) selecting which dependency scopes are processed.
# In this sample only the runtime and framework scopes are enabled.
# A scope set to 0 is not processed, so its components are absent from the
# results even though test/dev dependencies still run on developer and CI
# machines; enable them when a complete inventory is required.

# Process test scopes. Different project types.
da_ds_test_dependencies=0
# Process development scopes. Different project types.
da_ds_dev_dependencies=0
# Process peer dependencies scopes. Generally NPM projects.
da_ds_peer_dependencies=0
# Process plugin dependencies scopes. Generally Maven projects.
da_ds_plugin_dependencies=0
# Process extensions dependencies scopes. Generally Maven projects.
da_ds_extensions_dependencies=0
# Process provided dependencies scopes. Generally Maven projects.
da_ds_provided_dependencies=0
# Process runtime dependencies scopes. Generally Maven and Gem projects.
da_ds_runtime_dependencies=1
# Process library dependencies scopes. Generally Maven projects.
da_ds_library_dependencies=0
# Process optional dependencies scopes. Different project types.
da_ds_optional_dependencies=0
# Process dependency_overrides dependencies scopes. Generally Dart/Pub projects.
da_ds_dependency_overrides=0
# Process framework dependencies scopes. Generally C/C++ projects.
da_ds_framework=1
# Process classpath dependencies scopes. Generally Maven projects.
da_ds_classpath_dependencies=0
# Process ext scopes. Generally PHP/Composer projects.
da_ds_ext_dependencies=0
# Process indirect/transitive scopes. Generally Go projects.
da_ds_indirect_dependencies=0
# Process Hatch envs. Generally Hatch projects.
# Comma-separated envs. Ex: "default,lint"
da_ds_hatch_envs=""
9. Dependency graph settings:
[dependency-analysis.graph_depth]
# Per-ecosystem integer limits for the dependency graph; da_gd_general
# presumably applies to ecosystems without a key of their own (confirm).
# NOTE(review): the table name suggests a maximum traversal depth. If so,
# transitive dependencies deeper than the limit are not reported, and a low
# value hides them from the results; confirm the semantics before lowering.
da_gd_maven = 5
da_gd_pypi = 4
da_gd_gem = 7
da_gd_cargo = 4
da_gd_cocoapod = 4
da_gd_npm = 10
da_gd_general = 4
da_gd_go = 2
da_gd_go = 2
10. Ignore settings:
[dependency-analysis.ignore_settings]
# Folders to ignore during analysis; empty in this sample.
# NOTE(review): the value format (separator, relative or absolute paths) is
# not shown here; confirm against the config docs.
# Ignored folders produce no findings, and this file travels with the
# scanned tree, so a non-empty value should be reviewed before the results
# are relied on.
da_ignore_folders = ""
11. Proxy settings:
[dependency-analysis.proxy_settings]
# Proxy used by FDA; disabled and empty in this sample.
# This file is placed in the root of the scanned tree, so proxy credentials
# written here are stored in plain text next to the source and can be
# committed or shared with it. Keep a populated copy out of version control.

# Activate proxy usage
da_use_proxy = 0
# Your proxy hostname or IP
da_proxy_host = ""
# Your proxy port (i.e. 8080)
# NOTE(review): the sample gives the port as a string, not an integer;
# confirm the expected type.
da_proxy_port = ""
# Your proxy username
da_proxy_user = ""
# Your proxy password (plain text)
# NOTE(review): the original comment ended in ", or", which suggests an
# alternative to a plain-text password that is not documented here; confirm.
da_proxy_pass = ""
# Your SSL proxy client certificate
da_proxy_cert = ""
# Your private key for SSL and TLS proxy client certificate
# NOTE(review): presumably a file path rather than inline key material;
# confirm. Either way the key file should be readable only by the scanning
# account.
da_proxy_key = ""
INFO: More info about dependency filtering can be found in FossID-DA-Filtering-Dependency-Types section.
INFO: More info about config settings can be found in FossID-DA-Config-Options section.