dependency-check-core - JavaNCSS Metric Results

JavaNCSS Metric Results

[ package ] [ object ] [ method ] [ explanation ]

The following document contains the results of a JavaNCSS metric analysis, using JavaNCSS version 32.53.
JavaNCSS web site.

Packages

[ package ] [ object ] [ method ] [ explanation ]

Packages sorted by NCSS.

Package	Classes	Methods	NCSS	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
org.owasp.dependencycheck.analyzer	21	170	2030	187	1261	154	597
org.owasp.dependencycheck.jaxb.pom.generated	86	540	1771	626	7069	228	0
org.owasp.dependencycheck.utils	22	98	798	105	648	18	433
org.owasp.dependencycheck.data.nvdcve	9	61	788	68	413	30	266
org.owasp.dependencycheck.dependency	14	160	723	157	994	13	222
org.owasp.dependencycheck.suppression	6	48	326	54	338	6	145
org.owasp.dependencycheck.data.update.xml	4	35	315	34	222	5	124
org.owasp.dependencycheck.data.update	6	35	272	40	267	5	125
org.owasp.dependencycheck.data.lucene	11	30	264	41	259	20	228
org.owasp.dependencycheck.data.cpe	4	30	205	32	218	0	99
org.owasp.dependencycheck	1	18	201	19	109	5	39
org.owasp.dependencycheck.data.update.task	2	17	157	18	121	0	54
org.owasp.dependencycheck.reporting	2	11	138	13	94	1	65
org.owasp.dependencycheck.data.nexus	2	15	102	17	102	11	62
org.owasp.dependencycheck.data.nuget	4	21	92	23	134	0	85
org.owasp.dependencycheck.data.cwe	2	5	47	6	29	1	50
org.owasp.dependencycheck.analyzer.exception	2	8	23	10	48	0	51
org.owasp.dependencycheck.data.update.exception	2	6	20	8	40	0	50
org.owasp.dependencycheck.jaxb.pom	1	4	19	5	39	0	30
org.owasp.dependencycheck.exception	1	4	13	5	24	0	30

Classes total	Methods total	NCSS total	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
202	1316	8304	1468	12429	497	2755

Objects

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 classes containing the most NCSS.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer	641	31	1	37
org.owasp.dependencycheck.data.nvdcve.CveDB	402	20	0	21
org.owasp.dependencycheck.analyzer.CPEAnalyzer	263	19	2	32
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler	208	8	1	24
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.Engine	173	18	0	19
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer	172	11	0	12
org.owasp.dependencycheck.dependency.Dependency	171	40	0	41
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	161	13	0	14
org.owasp.dependencycheck.utils.Settings	155	18	1	21
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory	148	9	0	10
org.owasp.dependencycheck.data.update.StandardUpdate	140	8	0	9
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer	124	11	0	12
org.owasp.dependencycheck.dependency.EvidenceCollection	118	18	5	19
org.owasp.dependencycheck.suppression.SuppressionRule	111	24	0	25
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.dependency.VulnerableSoftware	107	18	0	19
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	106	14	0	15
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer	98	8	0	8
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.utils.DependencyVersion	91	11	0	11
org.owasp.dependencycheck.reporting.ReportGenerator	86	6	1	7
org.owasp.dependencycheck.utils.FileUtils	84	7	0	8
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler	80	3	1	10
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.data.update.task.CallableDownloadTask	69	11	0	11
org.owasp.dependencycheck.utils.Downloader	67	3	0	4
org.owasp.dependencycheck.dependency.Evidence	66	17	0	18

TOP 30 classes containing the most methods.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.dependency.Dependency	171	40	0	41
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.analyzer.JarAnalyzer	641	31	1	37
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.suppression.SuppressionRule	111	24	0	25
org.owasp.dependencycheck.data.nvdcve.CveDB	402	20	0	21
org.owasp.dependencycheck.analyzer.CPEAnalyzer	263	19	2	32
org.owasp.dependencycheck.dependency.EvidenceCollection	118	18	5	19
org.owasp.dependencycheck.dependency.VulnerableSoftware	107	18	0	19
org.owasp.dependencycheck.Engine	173	18	0	19
org.owasp.dependencycheck.jaxb.pom.generated.Dependency	52	18	1	21
org.owasp.dependencycheck.jaxb.pom.generated.Developer	58	18	2	23
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.utils.Settings	155	18	1	21
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.Element	51	17	0	17
org.owasp.dependencycheck.dependency.Evidence	66	17	0	18
org.owasp.dependencycheck.dependency.Identifier	55	16	0	15
org.owasp.dependencycheck.jaxb.pom.generated.BuildBase	65	16	4	25
org.owasp.dependencycheck.jaxb.pom.generated.Contributor	53	16	2	21
org.owasp.dependencycheck.data.nuget.NugetPackage	48	15	0	14
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	106	14	0	15
org.owasp.dependencycheck.jaxb.pom.generated.Notifier	42	14	1	17
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	161	13	0	14
org.owasp.dependencycheck.data.cpe.IndexEntry	48	12	0	11
org.owasp.dependencycheck.data.nexus.MavenArtifact	33	12	0	13
org.owasp.dependencycheck.data.update.UpdateableNvdCve	37	12	0	12
org.owasp.dependencycheck.jaxb.pom.generated.DistributionManagement	31	12	0	13

Averages.

NCSS average	Program NCSS	Classes average	Methods average	Javadocs average
37.94	8,304.00	0.32	6.51	7.71

Methods

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 Methods containing the most NCSS.

Methods	NCSS	CCN	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer.parseManifest(Dependency,ClassNameInformation)	118	44	1
org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(Vulnerability)	116	17	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.endElement(String,String,String)	71	27	0
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize()	60	25	1
org.owasp.dependencycheck.data.update.StandardUpdate.update()	60	25	1
org.owasp.dependencycheck.Engine.analyzeDependencies()	59	18	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.startElement(String,String,String,Attributes)	55	21	0
org.owasp.dependencycheck.analyzer.JarAnalyzer.addPomEvidence(Dependency,Model,Properties)	54	35	1
org.owasp.dependencycheck.data.nvdcve.CveDB.getVulnerability(String)	54	9	1
org.owasp.dependencycheck.utils.FileUtils.extractFiles(File,File,Engine)	51	23	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive(ArchiveInputStream,File,Engine)	49	23	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.setPomEvidence(Dependency,Model,Properties,ClassNameInformation)	49	22	1
org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineIdentifiers(Dependency,String,String)	47	22	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.extractPom(String,JarFile,Dependency)	47	9	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.analyzePOM(Dependency,ClassNameInformation,Engine)	42	11	1
org.owasp.dependencycheck.data.update.StandardUpdate.updatesNeeded()	42	17	1
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.initialize()	41	14	1
org.owasp.dependencycheck.reporting.ReportGenerator.generateReport(String,String)	41	16	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.addDescription(Dependency,String,String,String)	40	11	1
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler.startElement(String,String,String,Attributes)	40	14	0
org.owasp.dependencycheck.utils.Downloader.fetchFile(URL,File)	40	15	1
org.owasp.dependencycheck.suppression.SuppressionRule.process(Dependency)	37	25	1
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency)	35	18	1
org.owasp.dependencycheck.dependency.Dependency.equals(Object)	35	53	1
org.owasp.dependencycheck.dependency.VulnerableSoftware.compareTo(VulnerableSoftware)	34	19	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(File,File,Engine)	32	14	1
org.owasp.dependencycheck.utils.DependencyVersion.compareTo(DependencyVersion)	32	19	0
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer.analyze(Dependency,Engine)	30	14	1
org.owasp.dependencycheck.data.nvdcve.CveDB.getVulnerabilities(String)	30	7	1
org.owasp.dependencycheck.suppression.SuppressionParser.parseSuppressionRules(File)	29	10	1

Averages.

Program NCSS	NCSS average	CCN average	Javadocs average
8,304.00	4.81	2.30	0.97

Explanations

[ package ] [ object ] [ method ] [ explanation ]

Non Commenting Source Statements (NCSS)

Statements for JavaNCSS are not statements as specified in the Java Language Specification but include all kinds of declarations too. Roughly spoken, NCSS is approximately equivalent to counting ';' and '{' characters in Java source files.

Not counted are empty statements, empty blocks or semicolons after closing brackets. Of course, comments don't get counted too. Closing brackets also never get counted, the same applies to blocks in general.

	Examples
Package declaration	`package java.lang;`
Import declaration	`import java.awt.*;`
Class declaration	`public class Foo {` `public class Foo extends Bla {`
Interface declaration	`public interface Able ; {`
Field declaration	`int a;` `int a, b, c = 5, d = 6;`
Method declaration	`public void cry();` `public void gib() throws DeadException {`
Constructor declaration	`public Foo() {`
Constructor invocation	`this();` `super();`
Statement declaration	`i = 0;` `if (ok)` `if (exit) {` `if (3 == 4);` `if (4 == 4) { ;` `} else {`
Label declaration	`fine :`

In some cases consecutive semicolons are illegal according to the JLS but JavaNCSS still tolerates them (thought JavaNCSS is still more strict as 'javac'). Nevertheless they are never counted as two statements.

Cyclomatic Complexity Number (CCN)

CCN is also know as McCabe Metric. There exists a much hyped theory behind it based on graph theory, but it all comes down to simply counting 'if', 'for', 'while' statements etc. in a method. Whenever the control flow of a method splits, the "CCN counter" gets incremented by one.

Each method has a minimum value of 1 per default. For each of the following Java keywords/statements this value gets incremented by one:

if
for
while
case
catch

Also if the control flow of a method returns abortively the CCNvalue will be incremented by one:

if
for

An ordinary return at the end of method will not be counted.

Note that 'else', 'default', and 'finally' don't increment the CCN value any further. On the other hand, a simple method with a 'switch' statement and a huge block of 'case' statements can have a surprisingly high CCN value (still it has the same value when converting a 'switch' block to an equivalent sequence of 'if' statements).