mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00

Files

Jeremy Long 3bd952e5c5 added information on suppressing false positives to the site

Former-commit-id: 84c0f3175c7a749bc2d5fe05d7b4e4d23a518fab

2014-01-15 20:43:09 -05:00

config

releasing updates from private repo

2013-07-31 10:21:31 -04:00

src

added information on suppressing false positives to the site

2014-01-15 20:43:09 -05:00

LICENSE.txt

releasing updates from private repo

2013-07-31 10:21:31 -04:00

NOTICE.txt

releasing updates from private repo

2013-07-31 10:21:31 -04:00

pom.xml

Updated plugin versions

2014-01-14 06:11:42 -05:00

README.md

resolved merge conflicts

2013-09-02 15:42:24 -04:00

README.md

Dependency-Check Command Line

Dependency-Check Command Line can be used to check project dependencies for published security vulnerabilities. The checks performed are a "best effort" and as such, there could be false positives as well as false negatives. However, vulnerabilities in 3rd party components is a well-known problem and is currently documented in the 2013 OWASP Top 10 as A9 - Using Components with Known Vulnerabilities.

Documentation and links to production binary releases can be found on the github pages.

Mailing List

Subscribe: dependency-check+subscribe@googlegroups.com

Post: dependency-check@googlegroups.com

Copyright & License

Permission to modify and redistribute is granted under the terms of the GPLv3 license. See the LICENSE.txt file for the full license.

Dependency-Check Command Line makes use of other open source libraries. Please see the NOTICE.txt file for more information.