mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-18 09:37:38 +01:00
2.1 KiB
2.1 KiB
File Type Analyzers
OWASP dependency-check contains several file type analyzers that are used to extract identification information from the files analyzed.
| Analyzer | File Types Scanned | Analysis Method |
|---|---|---|
| Archive Analyzer | Zip archive format (*.zip, *.ear, *.war, *.jar, *.sar, *.apk, *.nupkg); Tape Archive Format (*.tar); Gzip format (*.gz, *.tgz); Bzip2 format (*.bz2, *.tbz2) | Extracts archive contents, then scans contents with all available analyzers. |
| Assembly Analyzer | .NET Assemblies (*.exe, *.dll) | Uses GrokAssembly.exe, which requires .NET Framework or Mono runtime to be installed. |
| Autoconf Analyzer | Autoconf project configuration files (configure, configure.in, configure.ac) | Regex scan for AC_INIT metadata, including in generated configuration script. |
| Central Analyzer | Java archive files (*.jar) | Searches Maven Central or a configured Nexus repository for the file's SHA1 hash. |
| Jar Analyzer | Java archive files (*.jar); Web application archive (*.war) | Examines archive manifest metadata, and Maven Project Object Model files (pom.xml). |
| Nexus Analyzer | Java archive files (*.jar) | Searches Sonatype or a configured Nexus repository for the file's SHA1 hash. In most cases, superceded by Central Analyzer. |
| Nuspec Analyzer | Nuget package specification file (*.nuspec) | Uses XPath to parse specification XML. |
| OpenSSL Analyzer | OpenSSL Version Source Header File (opensslv.h) | Regex parse of the OPENSSL_VERSION_NUMBER macro definition. |
| Python Analyzer | Python source files (*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (*.whl, *.egg, *.zip) | Regex scan of Python source files for setuptools metadata; Parse RFC822 header format for metadata in all other artifacts. |