mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-11 22:41:00 +01:00

Go to file

Jeremy Long 2933526aee v0.3.2.3

Former-commit-id: f1a80ca108a9089e26c716bab8389844faa3e3a4

2013-06-07 15:53:03 -04:00

src

removed deprecated code

2013-06-07 15:46:30 -04:00

.gitignore

added ignores for Eclipse project files

2013-03-27 07:22:47 -04:00

LICENSE.txt

Updated Information.

2012-09-25 11:51:42 -04:00

NOTICES.txt

add jsoup to help convert the HTML, specified within nodes in the POM, into text.

2013-06-02 21:45:49 -04:00

pom.xml

v0.3.2.3

2013-06-07 15:53:03 -04:00

README.md

minor update to text

2013-05-27 22:22:44 -04:00

README.md

Dependency-Check

Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

More information can be found on the wiki.

Usage

$ mvn package

$ cd target

$ java -jar dependency-check-[version].jar -h

$ java -jar dependency-check-[version].jar -a Testing -out . -scan ./test-classes -scan ./lib

Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.

Mailing List

Subscribe: [dependency-check+subscribe@googlegroups.com] subscribe

Post: [dependency-check@googlegroups.com] post

Copyright & License

Permission to modify and redistribute is granted under the terms of the GPLv3 license. See the [LICENSE.txt] GPLv3 file for the full license.

Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt] notices file for more information.

Languages

Java 75.3%

CMake 18.9%

M4 3%

Ruby 1%

Groovy 0.6%

Other 1%