github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-13 23:33:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
8 Commits 7 Branches 56 Tags
0fbf2238afc7246d2ea35c7f460ec28118fefbce
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jeremy Long 0fbf2238af Improved extensibility by using ServiceLoader
2012-09-11 22:35:09 -04:00
src
Improved extensibility by using ServiceLoader
2012-09-11 22:35:09 -04:00
.gitignore
updates
2012-09-06 22:54:16 -04:00
checkstyle-checks.xml
updates
2012-09-06 22:54:16 -04:00
checkstyle-header.txt
updates
2012-09-06 22:54:16 -04:00
checkstyle-suppressions.xml
updates
2012-09-06 22:54:16 -04:00
LICENSE
updates
2012-09-06 22:54:16 -04:00
pom.xml
fixed JarAnalyzer so it grabs more data from the JAR.
2012-09-09 00:17:42 -04:00
README
bug fixes/enhancements
2012-09-10 12:25:15 -04:00

README 

About:
DependencyCheck is a simple utility that attempts to determine if there is a 
Common Product Enumeration (CPE) identifier for a given project dependency. 
If found, it will generate a report linking to the associated CVE entries.

Usage:
$ mvn package
$ cd target
$ java -jar dependencycheck-0.1.jar -h
$ java -jar DependencyCheck-0.1.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan struts2-core-2.1.2.jar -scan ./lib


TODO: 
Add CVE download/indexing and CPE lookup.
Finish report generation (xml).
Consider utilizing the OSVDB in addition to CPE/CVE.

Author: Jeremy Long (jeremy.long@gmail.com)

Copyright (c) 2012 Jeremy Long. All Rights Reserved.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 133 MiB
Languages
Java 75.3%
CMake 18.9%
M4 3%
Ruby 1%
Groovy 0.6%
Other 1%