dependency-check-core - JavaNCSS Metric Results

JavaNCSS Metric Results

[ package ] [ object ] [ method ] [ explanation ]

The following document contains the results of a JavaNCSS metric analysis, using JavaNCSS version 32.53.
JavaNCSS web site.

Packages

[ package ] [ object ] [ method ] [ explanation ]

Packages sorted by NCSS.

Package	Classes	Methods	NCSS	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
org.owasp.dependencycheck.analyzer	22	167	1890	186	1238	148	607
org.owasp.dependencycheck.jaxb.pom.generated	86	540	1771	626	7069	228	0
org.owasp.dependencycheck.dependency	14	163	735	160	1012	13	222
org.owasp.dependencycheck.data.nvdcve	9	59	719	66	399	30	254
org.owasp.dependencycheck.utils	19	83	696	87	546	17	364
org.owasp.dependencycheck.suppression	6	48	326	54	338	6	145
org.owasp.dependencycheck.data.update.xml	4	35	315	34	222	5	124
org.owasp.dependencycheck.data.update	6	35	272	40	267	5	125
org.owasp.dependencycheck.data.lucene	11	30	264	41	259	20	228
org.owasp.dependencycheck.data.cpe	4	30	206	32	218	0	99
org.owasp.dependencycheck	1	17	197	18	104	4	39
org.owasp.dependencycheck.data.update.task	2	17	157	18	121	0	54
org.owasp.dependencycheck.reporting	2	11	138	13	94	1	65
org.owasp.dependencycheck.data.nuget	4	21	92	23	136	0	85
org.owasp.dependencycheck.data.nexus	2	14	72	16	100	7	53
org.owasp.dependencycheck.data.cwe	2	5	47	6	29	1	50
org.owasp.dependencycheck.data.update.exception	2	6	20	8	40	0	50
org.owasp.dependencycheck.jaxb.pom	1	4	19	5	39	0	30
org.owasp.dependencycheck.exception	1	4	13	5	24	0	30

Classes total	Methods total	NCSS total	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
198	1289	7949	1438	12255	485	2624

Objects

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 classes containing the most NCSS.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer	634	28	1	34
org.owasp.dependencycheck.data.nvdcve.CveDB	391	20	0	21
org.owasp.dependencycheck.analyzer.CPEAnalyzer	263	19	2	32
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler	208	8	1	24
org.owasp.dependencycheck.dependency.Dependency	181	43	0	44
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.Engine	170	17	0	18
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer	165	11	0	12
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	161	13	0	14
org.owasp.dependencycheck.data.update.StandardUpdate	140	8	0	9
org.owasp.dependencycheck.utils.Settings	122	17	1	20
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer	118	11	0	12
org.owasp.dependencycheck.dependency.EvidenceCollection	118	18	5	19
org.owasp.dependencycheck.suppression.SuppressionRule	111	24	0	25
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory	109	7	0	8
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	108	14	0	15
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.dependency.VulnerableSoftware	107	18	0	19
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.utils.Downloader	94	4	1	5
org.owasp.dependencycheck.utils.DependencyVersion	91	11	0	11
org.owasp.dependencycheck.reporting.ReportGenerator	86	6	1	7
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler	80	3	1	10
org.owasp.dependencycheck.utils.FileUtils	80	7	0	8
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.data.update.task.CallableDownloadTask	69	11	0	11
org.owasp.dependencycheck.dependency.Evidence	66	17	0	18
org.owasp.dependencycheck.jaxb.pom.generated.BuildBase	65	16	4	25

TOP 30 classes containing the most methods.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.dependency.Dependency	181	43	0	44
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.analyzer.JarAnalyzer	634	28	1	34
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.suppression.SuppressionRule	111	24	0	25
org.owasp.dependencycheck.data.nvdcve.CveDB	391	20	0	21
org.owasp.dependencycheck.analyzer.CPEAnalyzer	263	19	2	32
org.owasp.dependencycheck.dependency.EvidenceCollection	118	18	5	19
org.owasp.dependencycheck.dependency.VulnerableSoftware	107	18	0	19
org.owasp.dependencycheck.jaxb.pom.generated.Dependency	52	18	1	21
org.owasp.dependencycheck.jaxb.pom.generated.Developer	58	18	2	23
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.Element	51	17	0	17
org.owasp.dependencycheck.dependency.Evidence	66	17	0	18
org.owasp.dependencycheck.Engine	170	17	0	18
org.owasp.dependencycheck.utils.Settings	122	17	1	20
org.owasp.dependencycheck.dependency.Identifier	55	16	0	15
org.owasp.dependencycheck.jaxb.pom.generated.BuildBase	65	16	4	25
org.owasp.dependencycheck.jaxb.pom.generated.Contributor	53	16	2	21
org.owasp.dependencycheck.data.nuget.NugetPackage	48	15	0	14
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	108	14	0	15
org.owasp.dependencycheck.jaxb.pom.generated.Notifier	42	14	1	17
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	161	13	0	14
org.owasp.dependencycheck.data.cpe.IndexEntry	48	12	0	11
org.owasp.dependencycheck.data.nexus.MavenArtifact	33	12	0	13
org.owasp.dependencycheck.data.update.UpdateableNvdCve	37	12	0	12
org.owasp.dependencycheck.jaxb.pom.generated.DistributionManagement	31	12	0	13

Averages.

NCSS average	Program NCSS	Classes average	Methods average	Javadocs average
37.19	7,949.00	0.33	6.51	7.71

Methods

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 Methods containing the most NCSS.

Methods	NCSS	CCN	Javadocs
org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(Vulnerability)	116	17	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.parseManifest(Dependency,ClassNameInformation)	109	41	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.addPomEvidence(Dependency,Model,Properties)	74	44	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.endElement(String,String,String)	71	27	0
org.owasp.dependencycheck.analyzer.JarAnalyzer.setPomEvidence(Dependency,Model,Properties,ClassNameInformation)	69	31	1
org.owasp.dependencycheck.data.update.StandardUpdate.update()	60	25	1
org.owasp.dependencycheck.Engine.analyzeDependencies()	59	18	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.startElement(String,String,String,Attributes)	55	21	0
org.owasp.dependencycheck.data.nvdcve.CveDB.getVulnerability(String)	54	9	1
org.owasp.dependencycheck.utils.FileUtils.extractFiles(File,File,Engine)	51	23	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.extractPom(String,JarFile,Dependency)	50	12	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive(ArchiveInputStream,File,Engine)	49	23	1
org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineIdentifiers(Dependency,String,String)	47	22	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.analyzePOM(Dependency,ClassNameInformation,Engine)	44	11	1
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.getConnection()	42	15	1
org.owasp.dependencycheck.data.update.StandardUpdate.updatesNeeded()	42	17	1
org.owasp.dependencycheck.reporting.ReportGenerator.generateReport(String,String)	41	16	1
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler.startElement(String,String,String,Attributes)	40	14	0
org.owasp.dependencycheck.utils.Downloader.fetchFile(URL,File)	40	15	1
org.owasp.dependencycheck.dependency.Dependency.equals(Object)	37	57	1
org.owasp.dependencycheck.suppression.SuppressionRule.process(Dependency)	37	25	1
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency)	35	18	1
org.owasp.dependencycheck.dependency.VulnerableSoftware.compareTo(VulnerableSoftware)	34	19	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(File,File,Engine)	32	14	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.addDescription(Dependency,String,String,String)	32	10	1
org.owasp.dependencycheck.utils.DependencyVersion.compareTo(DependencyVersion)	32	19	0
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer.analyze(Dependency,Engine)	30	14	1
org.owasp.dependencycheck.data.nvdcve.CveDB.getVulnerabilities(String)	30	7	1
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex.buildIndex(CveDB)	29	16	1
org.owasp.dependencycheck.suppression.SuppressionParser.parseSuppressionRules(File)	29	10	1

Averages.

Program NCSS	NCSS average	CCN average	Javadocs average
7,949.00	4.71	2.26	0.97

Explanations

[ package ] [ object ] [ method ] [ explanation ]

Non Commenting Source Statements (NCSS)

Statements for JavaNCSS are not statements as specified in the Java Language Specification but include all kinds of declarations too. Roughly spoken, NCSS is approximately equivalent to counting ';' and '{' characters in Java source files.

Not counted are empty statements, empty blocks or semicolons after closing brackets. Of course, comments don't get counted too. Closing brackets also never get counted, the same applies to blocks in general.

	Examples
Package declaration	`package java.lang;`
Import declaration	`import java.awt.*;`
Class declaration	`public class Foo {` `public class Foo extends Bla {`
Interface declaration	`public interface Able ; {`
Field declaration	`int a;` `int a, b, c = 5, d = 6;`
Method declaration	`public void cry();` `public void gib() throws DeadException {`
Constructor declaration	`public Foo() {`
Constructor invocation	`this();` `super();`
Statement declaration	`i = 0;` `if (ok)` `if (exit) {` `if (3 == 4);` `if (4 == 4) { ;` `} else {`
Label declaration	`fine :`

In some cases consecutive semicolons are illegal according to the JLS but JavaNCSS still tolerates them (thought JavaNCSS is still more strict as 'javac'). Nevertheless they are never counted as two statements.

Cyclomatic Complexity Number (CCN)

CCN is also know as McCabe Metric. There exists a much hyped theory behind it based on graph theory, but it all comes down to simply counting 'if', 'for', 'while' statements etc. in a method. Whenever the control flow of a method splits, the "CCN counter" gets incremented by one.

Each method has a minimum value of 1 per default. For each of the following Java keywords/statements this value gets incremented by one:

if
for
while
case
catch

Also if the control flow of a method returns abortively the CCNvalue will be incremented by one:

if
for

An ordinary return at the end of method will not be counted.

Note that 'else', 'default', and 'finally' don't increment the CCN value any further. On the other hand, a simple method with a 'switch' statement and a huge block of 'case' statements can have a surprisingly high CCN value (still it has the same value when converting a 'switch' block to an equivalent sequence of 'if' statements).