Skip to content
/ DependencyCheck Public
forked from jeremylong/DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

www.owasp.org/index.php/owasp_dependency_check

License

Apache-2.0 license
1 star 1.3k forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bvfalcon/DependencyCheck

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7,970 Commits
.github
.github
 
 
ant
ant
 
 
archetype
archetype
 
 
cli
cli
 
 
core
core
 
 
maven
maven
 
 
src
src
 
 
utils
utils
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.java-version
.java-version
 
 
Dockerfile
Dockerfile
 
 
LICENSE.txt
LICENSE.txt
 
 
NOTICE.txt
NOTICE.txt
 
 
README.md
README.md
 
 
RELEASE_NOTES.md
RELEASE_NOTES.md
 
 
SECURITY.md
SECURITY.md
 
 
build-docker.sh
build-docker.sh
 
 
coverity_scan.sh
coverity_scan.sh
 
 
docker-pullcount.sh
docker-pullcount.sh
 
 
list-changes.sh
list-changes.sh
 
 
pom.xml
pom.xml
 
 
prepare-release.sh
prepare-release.sh
 
 
publish-docker.sh
publish-docker.sh
 
 
release_stats.sh
release_stats.sh
 
 
settings.xml
settings.xml
 
 
sha256_cli.sh
sha256_cli.sh
 
 
shell-docker.sh
shell-docker.sh
 
 
test-docker.sh
test-docker.sh
 
 

Repository files navigation

Dependency-Check: goal analyze

How to use analyze goal.

Preconditions:

  1. Java 11 or higher is installed
  2. Maven 3.6 or higher is installed

Steps:

  1. Build the plugin with command
mvn clean install -DskipTests
  1. Create new folder and file pom.xml in it with content>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>test</groupId>
    <artifactId>test</artifactId>
    <version>1.0.0-SNAPSHOT</version>
</project>
  1. In this folder run analysis with command
mvn clean org.owasp:dependency-check-maven:6.5.2.test:analyze -DgroupId=<groupId> -DartifactId=<artifactId>

Examples:

mvn clean org.owasp:dependency-check-maven:6.5.2.test:analyze -DgroupId=org.glassfish -DartifactId=jakarta.faces
mvn clean org.owasp:dependency-check-maven:6.5.2.test:analyze -DgroupId=org.springframework -DartifactId=spring-web
mvn clean org.owasp:dependency-check-maven:6.5.2.test:analyze -DgroupId=com.fasterxml.jackson.core -DartifactId=jackson-databind

And wait. On analysis complete, in folder target/ can be seen one or more files "dependency-analyze-report-*.html" and one file dependency-analyze-report-result.csv. File dependency-analyze-report-result.csv contains final results of analysis.

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE.txt file for the full license.

Dependency-Check makes use of several other open source libraries. Please see the NOTICE.txt file for more information.

Copyright (c) 2012-2021 Jeremy Long. All Rights Reserved.

About

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

www.owasp.org/index.php/OWASP_Dependency_Check

Topics

maven maven-plugin security-analysis

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Packages

 
 
 

Languages

  • Java 63.2%
  • JavaScript 23.9%
  • CMake 8.8%
  • M4 1.4%
  • Groovy 0.5%
  • Ruby 0.5%
  • Other 1.7%