mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-03-23 09:31:32 +01:00
33 lines
1.6 KiB
Plaintext
33 lines
1.6 KiB
Plaintext
About
|
|
====================
|
|
OWASP dependency-check-ant is an Ant Task that uses dependency-check-core to detect publicly
|
|
disclosed vulnerabilities associated with the project's dependencies. The task will
|
|
generate a report listing the dependency, any identified Common Platform Enumeration (CPE)
|
|
identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.
|
|
|
|
Installation
|
|
====================
|
|
Download dependency-check-ant from [bintray here](http://dl.bintray.com/jeremy-long/owasp/dependency-check-ant-${project.version}.jar).
|
|
To install dependency-check-ant place the dependency-check-ant-${project.version}.jar into
|
|
the lib directory of your Ant instalation directory. Once installed you can add
|
|
the taskdef to you build.xml and add the task to a new or existing target:
|
|
|
|
```xml
|
|
<taskdef name="dependency-check" classname="org.owasp.dependencycheck.taskdefs.DependencyCheckTask"/>
|
|
```
|
|
|
|
If you do not want to install dependency-check-ant into your ant's lib directory when you define the task def you
|
|
must add the classpath to the taskdef:
|
|
|
|
```xml
|
|
<taskdef name="dependency-check" classname="org.owasp.dependencycheck.taskdefs.DependencyCheckTask">
|
|
<classpath path="[path]/[to]/dependency-check-ant-${project.version}.jar"/>
|
|
</taskdef>
|
|
```
|
|
|
|
It is important to understand that the first time this task is executed it may
|
|
take 10 minutes or more as it downloads and processes the data from the National
|
|
Vulnerability Database (NVD) hosted by NIST: https://nvd.nist.gov
|
|
|
|
After the first batch download, as long as the task is executed at least once every
|
|
seven days the update will only take a few seconds. |