dependency-check-core - JavaNCSS Metric Results

JavaNCSS Metric Results

[ package ] [ object ] [ method ] [ explanation ]

The following document contains the results of a JavaNCSS metric analysis, using JavaNCSS version 32.53.
JavaNCSS web site.

Packages

[ package ] [ object ] [ method ] [ explanation ]

Packages sorted by NCSS.

Package	Classes	Methods	NCSS	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
org.owasp.dependencycheck.analyzer	24	185	2382	204	1368	179	697
org.owasp.dependencycheck.jaxb.pom.generated	86	540	1772	626	6951	228	0
org.owasp.dependencycheck.dependency	14	178	832	175	1110	17	231
org.owasp.dependencycheck.data.nvdcve	9	61	810	68	411	31	281
org.owasp.dependencycheck.suppression	6	55	401	61	383	5	151
org.owasp.dependencycheck.data.update	7	40	367	45	300	6	154
org.owasp.dependencycheck.utils	11	45	355	43	255	6	186
org.owasp.dependencycheck.data.update.xml	4	35	316	34	222	5	127
org.owasp.dependencycheck.agent	1	70	311	71	481	0	35
org.owasp.dependencycheck.data.lucene	11	30	265	41	259	20	231
org.owasp.dependencycheck	1	23	237	23	148	3	39
org.owasp.dependencycheck.data.update.task	2	18	211	19	140	0	60
org.owasp.dependencycheck.data.cpe	4	31	207	33	221	0	99
org.owasp.dependencycheck.reporting	3	16	183	19	136	2	91
org.owasp.dependencycheck.data.nexus	2	15	106	17	108	11	53
org.owasp.dependencycheck.data.nuget	4	21	92	23	134	0	85
org.owasp.dependencycheck.data.central	1	2	69	3	23	8	36
org.owasp.dependencycheck.data.cwe	2	5	49	6	29	1	53
org.owasp.dependencycheck.exception	2	8	25	10	48	0	50
org.owasp.dependencycheck.analyzer.exception	2	8	23	10	48	0	51
org.owasp.dependencycheck.data.update.exception	2	6	20	8	40	0	50
org.owasp.dependencycheck.jaxb.pom	1	4	19	5	39	0	30

Classes total	Methods total	NCSS total	Javadocs	Javadoc lines	Single lines comment	Multi lines comment
199	1396	9052	1544	12854	522	2790

Objects

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 classes containing the most NCSS.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer	664	31	1	37
org.owasp.dependencycheck.data.nvdcve.CveDB	427	21	0	22
org.owasp.dependencycheck.agent.DependencyCheckScanAgent	294	70	0	71
org.owasp.dependencycheck.analyzer.CPEAnalyzer	274	16	2	29
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer	219	12	0	13
org.owasp.dependencycheck.dependency.Dependency	218	51	0	52
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.Engine	210	23	0	23
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler	209	8	1	24
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer	179	13	0	14
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.suppression.SuppressionRule	167	30	0	31
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	165	13	0	14
org.owasp.dependencycheck.data.update.StandardUpdate	140	7	0	8
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory	138	7	0	8
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer	134	8	0	8
org.owasp.dependencycheck.dependency.EvidenceCollection	128	19	5	20
org.owasp.dependencycheck.dependency.VulnerableSoftware	117	19	0	20
org.owasp.dependencycheck.reporting.ReportGenerator	112	8	1	9
org.owasp.dependencycheck.data.update.task.DownloadTask	110	12	0	12
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	107	14	0	15
org.owasp.dependencycheck.dependency.Evidence	102	21	0	22
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.utils.DependencyVersion	98	11	0	11
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler	80	3	1	10
org.owasp.dependencycheck.data.update.EngineVersionCheck	77	7	0	7
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.suppression.SuppressionHandler	67	5	0	6

TOP 30 classes containing the most methods.

Object	NCSS	Methods	Classes	Javadocs
org.owasp.dependencycheck.jaxb.pom.generated.ObjectFactory	175	87	0	88
org.owasp.dependencycheck.agent.DependencyCheckScanAgent	294	70	0	71
org.owasp.dependencycheck.jaxb.pom.generated.Model	217	60	11	83
org.owasp.dependencycheck.dependency.Dependency	218	51	0	52
org.owasp.dependencycheck.dependency.Vulnerability	108	36	0	35
org.owasp.dependencycheck.analyzer.JarAnalyzer	664	31	1	37
org.owasp.dependencycheck.suppression.SuppressionRule	167	30	0	31
org.owasp.dependencycheck.jaxb.pom.generated.Build	101	28	5	39
org.owasp.dependencycheck.jaxb.pom.generated.Profile	97	24	6	37
org.owasp.dependencycheck.Engine	210	23	0	23
org.owasp.dependencycheck.data.nvdcve.CveDB	427	21	0	22
org.owasp.dependencycheck.dependency.Evidence	102	21	0	22
org.owasp.dependencycheck.dependency.EvidenceCollection	128	19	5	20
org.owasp.dependencycheck.dependency.VulnerableSoftware	117	19	0	20
org.owasp.dependencycheck.jaxb.pom.generated.Dependency	52	18	1	21
org.owasp.dependencycheck.jaxb.pom.generated.Developer	58	18	2	23
org.owasp.dependencycheck.jaxb.pom.generated.Plugin	70	18	4	27
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.Element	51	17	0	17
org.owasp.dependencycheck.dependency.Identifier	56	17	0	16
org.owasp.dependencycheck.analyzer.CPEAnalyzer	274	16	2	29
org.owasp.dependencycheck.jaxb.pom.generated.BuildBase	65	16	4	25
org.owasp.dependencycheck.jaxb.pom.generated.Contributor	53	16	2	21
org.owasp.dependencycheck.data.nuget.NugetPackage	48	15	0	14
org.owasp.dependencycheck.data.cpe.CpeMemoryIndex	107	14	0	15
org.owasp.dependencycheck.jaxb.pom.generated.Notifier	42	14	1	17
org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer	50	13	0	14
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	165	13	0	14
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer	179	13	0	14
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer	219	12	0	13
org.owasp.dependencycheck.data.cpe.IndexEntry	48	12	0	11

Averages.

NCSS average	Program NCSS	Classes average	Methods average	Javadocs average
41.83	9,052.00	0.32	7.02	8.20

Methods

[ package ] [ object ] [ method ] [ explanation ]

TOP 30 Methods containing the most NCSS.

Methods	NCSS	CCN	Javadocs
org.owasp.dependencycheck.analyzer.JarAnalyzer.parseManifest(Dependency,ClassNameInformation)	118	45	1
org.owasp.dependencycheck.data.nvdcve.CveDB.updateVulnerability(Vulnerability)	116	17	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.setPomEvidence(Dependency,Model,Properties,ClassNameInformation)	85	45	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.endElement(String,String,String)	71	27	0
org.owasp.dependencycheck.data.update.StandardUpdate.update()	62	25	1
org.owasp.dependencycheck.analyzer.CPEAnalyzer.determineIdentifiers(Dependency,String,String,Confidence)	60	23	1
org.owasp.dependencycheck.data.nvdcve.ConnectionFactory.initialize()	60	25	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.analyzePOM(Dependency,ClassNameInformation,Engine)	56	16	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractArchive(ArchiveInputStream,File,Engine)	55	25	1
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.initializeFileTypeAnalyzer()	55	20	1
org.owasp.dependencycheck.data.update.xml.NvdCve20Handler.startElement(String,String,String,Attributes)	55	21	0
org.owasp.dependencycheck.data.nvdcve.CveDB.getVulnerability(String)	54	9	1
org.owasp.dependencycheck.Engine.analyzeDependencies()	53	16	1
org.owasp.dependencycheck.agent.DependencyCheckScanAgent.populateSettings()	52	40	1
org.owasp.dependencycheck.suppression.SuppressionRule.process(Dependency)	51	32	1
org.owasp.dependencycheck.utils.ExtractionUtil.extractFiles(File,File,Engine)	51	23	1
org.owasp.dependencycheck.analyzer.AssemblyAnalyzer.analyzeFileType(Dependency,Engine)	49	24	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.extractPom(String,JarFile,Dependency)	49	9	1
org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionData()	46	17	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.analyzeFileType(Dependency,Engine)	44	12	1
org.owasp.dependencycheck.data.update.StandardUpdate.updatesNeeded()	42	17	1
org.owasp.dependencycheck.analyzer.JarAnalyzer.addDescription(Dependency,String,String,String)	40	11	1
org.owasp.dependencycheck.data.update.xml.NvdCve12Handler.startElement(String,String,String,Attributes)	40	14	0
org.owasp.dependencycheck.data.central.CentralSearch.searchSha1(String)	38	13	1
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency)	35	18	1
org.owasp.dependencycheck.dependency.Dependency.equals(Object)	35	53	1
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer.analyze(Dependency,Engine)	34	14	1
org.owasp.dependencycheck.dependency.VulnerableSoftware.compareTo(VulnerableSoftware)	34	19	1
org.owasp.dependencycheck.reporting.ReportGenerator.generateReport(String,OutputStream)	34	13	1
org.owasp.dependencycheck.analyzer.ArchiveAnalyzer.extractFiles(File,File,Engine)	32	14	1

Averages.

Program NCSS	NCSS average	CCN average	Javadocs average
9,052.00	5.00	2.40	0.97

Explanations

[ package ] [ object ] [ method ] [ explanation ]

Non Commenting Source Statements (NCSS)

Statements for JavaNCSS are not statements as specified in the Java Language Specification but include all kinds of declarations too. Roughly spoken, NCSS is approximately equivalent to counting ';' and '{' characters in Java source files.

Not counted are empty statements, empty blocks or semicolons after closing brackets. Of course, comments don't get counted too. Closing brackets also never get counted, the same applies to blocks in general.

	Examples
Package declaration	`package java.lang;`
Import declaration	`import java.awt.*;`
Class declaration	`public class Foo {` `public class Foo extends Bla {`
Interface declaration	`public interface Able ; {`
Field declaration	`int a;` `int a, b, c = 5, d = 6;`
Method declaration	`public void cry();` `public void gib() throws DeadException {`
Constructor declaration	`public Foo() {`
Constructor invocation	`this();` `super();`
Statement declaration	`i = 0;` `if (ok)` `if (exit) {` `if (3 == 4);` `if (4 == 4) { ;` `} else {`
Label declaration	`fine :`

In some cases consecutive semicolons are illegal according to the JLS but JavaNCSS still tolerates them (thought JavaNCSS is still more strict as 'javac'). Nevertheless they are never counted as two statements.

Cyclomatic Complexity Number (CCN)

CCN is also know as McCabe Metric. There exists a much hyped theory behind it based on graph theory, but it all comes down to simply counting 'if', 'for', 'while' statements etc. in a method. Whenever the control flow of a method splits, the "CCN counter" gets incremented by one.

Each method has a minimum value of 1 per default. For each of the following Java keywords/statements this value gets incremented by one:

if
for
while
case
catch

Also if the control flow of a method returns abortively the CCNvalue will be incremented by one:

if
for

An ordinary return at the end of method will not be counted.

Note that 'else', 'default', and 'finally' don't increment the CCN value any further. On the other hand, a simple method with a 'switch' statement and a huge block of 'case' statements can have a surprisingly high CCN value (still it has the same value when converting a 'switch' block to an equivalent sequence of 'if' statements).