github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-15 00:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
7 Commits 7 Branches 56 Tags
391a410e5bcb3061f8ecc9959fe727aae3295688
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Jeremy Long 391a410e5b added URL Proxy & Timeouts
2012-09-10 21:27:26 -04:00
src
added URL Proxy & Timeouts
2012-09-10 21:27:26 -04:00
.gitignore
updates
2012-09-06 22:54:16 -04:00
checkstyle-checks.xml
updates
2012-09-06 22:54:16 -04:00
checkstyle-header.txt
updates
2012-09-06 22:54:16 -04:00
checkstyle-suppressions.xml
updates
2012-09-06 22:54:16 -04:00
LICENSE
updates
2012-09-06 22:54:16 -04:00
pom.xml
fixed JarAnalyzer so it grabs more data from the JAR.
2012-09-09 00:17:42 -04:00
README
bug fixes/enhancements
2012-09-10 12:25:15 -04:00

README 

About:
DependencyCheck is a simple utility that attempts to determine if there is a 
Common Product Enumeration (CPE) identifier for a given project dependency. 
If found, it will generate a report linking to the associated CVE entries.

Usage:
$ mvn package
$ cd target
$ java -jar dependencycheck-0.1.jar -h
$ java -jar DependencyCheck-0.1.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan struts2-core-2.1.2.jar -scan ./lib


TODO: 
Add CVE download/indexing and CPE lookup.
Finish report generation (xml).
Consider utilizing the OSVDB in addition to CPE/CVE.

Author: Jeremy Long (jeremy.long@gmail.com)

Copyright (c) 2012 Jeremy Long. All Rights Reserved.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 133 MiB
Languages
Java 75.3%
CMake 18.9%
M4 3%
Ruby 1%
Groovy 0.6%
Other 1%