dependency-check-core - JavaNCSS Metric Results

JavaNCSS Metric Results

[ package ] [ object ] [ method ] [ explanation ]

The following document contains the results of a JavaNCSS metric analysis, using JavaNCSS version 32.53.
JavaNCSS web site.

Packages

[ package ] [ object ] [ method ] [ explanation ]

Packages sorted by NCSS.

Package	Classes	Methods	NCSS	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
org.owasp.dependencycheck.analyzer	23	172	2250	189	1278	158	654
org.owasp.dependencycheck.jaxb.pom.generated	86	540	1772	626	6951	228	0
org.owasp.dependencycheck.dependency	14	176	811	173	1097	17	231
org.owasp.dependencycheck.data.nvdcve	9	59	785	66	399	31	281
org.owasp.dependencycheck.suppression	6	55	402	61	379	5	154
org.owasp.dependencycheck.utils	10	43	348	40	238	6	169
org.owasp.dependencycheck.data.update.xml	4	35	316	34	222	5	127
org.owasp.dependencycheck.agent	1	66	298	67	455	0	35
org.owasp.dependencycheck.data.update	6	34	274	39	266	5	128
org.owasp.dependencycheck.data.lucene	11	30	265	41	259	20	231
org.owasp.dependencycheck	1	22	224	22	124	6	48
org.owasp.dependencycheck.data.cpe	4	31	207	33	221	0	99
org.owasp.dependencycheck.data.update.task	2	17	173	18	132	0	60
org.owasp.dependencycheck.reporting	3	14	159	17	118	2	91
org.owasp.dependencycheck.data.nexus	2	15	106	17	108	11	53
org.owasp.dependencycheck.data.nuget	4	21	92	23	134	0	85
org.owasp.dependencycheck.data.cwe	2	5	48	6	29	1	53
org.owasp.dependencycheck.exception	2	8	25	10	48	0	50
org.owasp.dependencycheck.analyzer.exception	2	8	23	10	48	0	51
org.owasp.dependencycheck.data.update.exception	2	6	20	8	40	0	50
org.owasp.dependencycheck.jaxb.pom	1	4	19	5	39	0	30

Classes total	Methods total	NCSS total	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
195	1361	8617	1505	12585	495	2680

Objects

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 classes containing the most NCSS.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer	629	30	1	36
org.owasp.dependencycheck.data.nvdcve.CveDB	406	20	0	21
org.owasp.dependencycheck.agent.DependencyCheckScanAgent	281	66	0	67
org.owasp.dependencycheck.analyzer.CPEAnalyzer	263	16	2	29
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer	211	12	0	13
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler	209	8	1	24
org.owasp.dependencycheck.dependency.Dependency	199	50	0	51
org.owasp.dependencycheck.Engine	194	22	0	22
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer	179	13	0	13
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.suppression.SuppressionRule	167	30	0	31
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	157	11	0	12
org.owasp.dependencycheck.data.update.StandardUpdate	143	8	0	9
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory	138	7	0	8
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer	134	8	0	8
org.owasp.dependencycheck.dependency.EvidenceCollection	128	19	5	20
org.owasp.dependencycheck.dependency.VulnerableSoftware	117	19	0	20
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	107	14	0	15
org.owasp.dependencycheck.dependency.Evidence	102	21	0	22
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.utils.DependencyVersion	98	11	0	11
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.reporting.ReportGenerator	88	6	1	7
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler	80	3	1	10
org.owasp.dependencycheck.data.update.task.DownloadTask	77	11	0	11
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.suppression.SuppressionHandler	67	5	0	6
org.owasp.dependencycheck.jaxb.pom.generated.BuildBase	65	16	4	25

TOP 30 classes containing the most methods.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.agent.DependencyCheckScanAgent	281	66	0	67
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.dependency.Dependency	199	50	0	51
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.analyzer.JarAnalyzer	629	30	1	36
org.owasp.dependencycheck.suppression.SuppressionRule	167	30	0	31
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.Engine	194	22	0	22
org.owasp.dependencycheck.dependency.Evidence	102	21	0	22
org.owasp.dependencycheck.data.nvdcve.CveDB	406	20	0	21
org.owasp.dependencycheck.dependency.EvidenceCollection	128	19	5	20
org.owasp.dependencycheck.dependency.VulnerableSoftware	117	19	0	20
org.owasp.dependencycheck.jaxb.pom.generated.Dependency	52	18	1	21
org.owasp.dependencycheck.jaxb.pom.generated.Developer	58	18	2	23
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.Element	51	17	0	17
org.owasp.dependencycheck.analyzer.CPEAnalyzer	263	16	2	29
org.owasp.dependencycheck.dependency.Identifier	55	16	0	15
org.owasp.dependencycheck.jaxb.pom.generated.BuildBase	65	16	4	25
org.owasp.dependencycheck.jaxb.pom.generated.Contributor	53	16	2	21
org.owasp.dependencycheck.data.nuget.NugetPackage	48	15	0	14
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	107	14	0	15
org.owasp.dependencycheck.jaxb.pom.generated.Notifier	42	14	1	17
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer	50	13	0	14
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer	179	13	0	13
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer	211	12	0	13
org.owasp.dependencycheck.data.cpe.IndexEntry	48	12	0	11
org.owasp.dependencycheck.data.nexus.MavenArtifact	33	12	0	13

Averages.

NCSS average	Program NCSS	Classes average	Methods average	Javadocs average
40.76	8,617.00	0.32	6.98	8.17

Methods

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 Methods containing the most NCSS.

Methods	NCSS	CCN	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer.parseManifest(Dependency,ClassNameInformation)	118	45	1
org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(Vulnerability)	116	17	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.setPomEvidence(Dependency,Model,Properties,ClassNameInformation)	87	47	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.endElement(String,String,String)	71	27	0
org.owasp.dependencycheck.data.update.StandardUpdate.update()	62	25	1
org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineIdentifiers(Dependency,String,String,Confidence)	60	23	1
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize()	60	25	1
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.initializeFileTypeAnalyzer()	55	20	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.startElement(String,String,String,Attributes)	55	21	0
org.owasp.dependencycheck.data.nvdcve.CveDB.getVulnerability(String)	54	9	1
org.owasp.dependencycheck.suppression.SuppressionRule.process(Dependency)	51	32	1
org.owasp.dependencycheck.utils.ExtractionUtil.extractFiles(File,File,Engine)	51	23	1
org.owasp.dependencycheck.agent.DependencyCheckScanAgent.populateSettings()	49	38	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive(ArchiveInputStream,File,Engine)	49	23	1
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.analyzeFileType(Dependency,Engine)	49	24	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.extractPom(String,JarFile,Dependency)	49	9	1
org.owasp.dependencycheck.Engine.analyzeDependencies()	47	14	1
org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionData()	46	17	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeFileType(Dependency,Engine)	44	12	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.analyzePOM(Dependency,ClassNameInformation,Engine)	42	11	1
org.owasp.dependencycheck.data.update.StandardUpdate.updatesNeeded()	42	17	1
org.owasp.dependencycheck.reporting.ReportGenerator.generateReport(String,String)	41	16	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.addDescription(Dependency,String,String,String)	40	11	1
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler.startElement(String,String,String,Attributes)	40	14	0
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency)	35	18	1
org.owasp.dependencycheck.dependency.Dependency.equals(Object)	35	53	1
org.owasp.dependencycheck.dependency.VulnerableSoftware.compareTo(VulnerableSoftware)	34	19	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(File,File,Engine)	32	14	1
org.owasp.dependencycheck.utils.DependencyVersion.compareTo(DependencyVersion)	32	19	0
org.owasp.dependencycheck.suppression.SuppressionRule.toString()	31	16	1

Averages.

Program NCSS	NCSS average	CCN average	Javadocs average
8,617.00	4.87	2.36	0.97

Explanations

[ package ] [ object ] [ method ] [ explanation ]

Non Commenting Source Statements (NCSS)

Statements for JavaNCSS are not statements as specified in the Java Language Specification but include all kinds of declarations too. Roughly spoken, NCSS is approximately equivalent to counting ';' and '{' characters in Java source files.

Not counted are empty statements, empty blocks or semicolons after closing brackets. Of course, comments don't get counted too. Closing brackets also never get counted, the same applies to blocks in general.

	Examples
Package declaration	`package java.lang;`
Import declaration	`import java.awt.*;`
Class declaration	`public class Foo {` `public class Foo extends Bla {`
Interface declaration	`public interface Able ; {`
Field declaration	`int a;` `int a, b, c = 5, d = 6;`
Method declaration	`public void cry();` `public void gib() throws DeadException {`
Constructor declaration	`public Foo() {`
Constructor invocation	`this();` `super();`
Statement declaration	`i = 0;` `if (ok)` `if (exit) {` `if (3 == 4);` `if (4 == 4) { ;` `} else {`
Label declaration	`fine :`

In some cases consecutive semicolons are illegal according to the JLS but JavaNCSS still tolerates them (thought JavaNCSS is still more strict as 'javac'). Nevertheless they are never counted as two statements.

Cyclomatic Complexity Number (CCN)

CCN is also know as McCabe Metric. There exists a much hyped theory behind it based on graph theory, but it all comes down to simply counting 'if', 'for', 'while' statements etc. in a method. Whenever the control flow of a method splits, the "CCN counter" gets incremented by one.

Each method has a minimum value of 1 per default. For each of the following Java keywords/statements this value gets incremented by one:

if
for
while
case
catch

Also if the control flow of a method returns abortively the CCNvalue will be incremented by one:

if
for

An ordinary return at the end of method will not be counted.

Note that 'else', 'default', and 'finally' don't increment the CCN value any further. On the other hand, a simple method with a 'switch' statement and a huge block of 'case' statements can have a surprisingly high CCN value (still it has the same value when converting a 'switch' block to an equivalent sequence of 'if' statements).