DependencyCheck

mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00

Go to file

Jeremy Long bb1e47ae43 fixed analyzer method signature, added SpringCleaningAnalyzer, and removed ArchiveAnalyzer interface

Former-commit-id: 789fcd7a7c463ee2528c9a325a8536f2cc9278c5

2013-01-09 22:49:41 -05:00

src

fixed analyzer method signature, added SpringCleaningAnalyzer, and removed ArchiveAnalyzer interface

2013-01-09 22:49:41 -05:00

.gitignore

updates

2012-09-06 22:54:16 -04:00

LICENSE.txt

Updated Information.

2012-09-25 11:51:42 -04:00

NOTICES.txt

version 0.2.5.0

2013-01-06 12:13:08 -05:00

pom.xml

fixed analyzer method signature, added SpringCleaningAnalyzer, and removed ArchiveAnalyzer interface

2013-01-09 22:49:41 -05:00

README.txt

version 0.2.5.0

2013-01-06 12:13:08 -05:00

README.txt

About:
DependencyCheck is a utility that attempts to detect publically disclosed
vulnerabilities contained within project dependencies. It does this by determining
if there is a Common Platform Enumeration (CPE) identifier for a given dependency.
If found, it will generate a report linking to the associated CVE entries.

Usage:
$ mvn package
$ cd target
$ java -jar DependencyCheck-0.2.5.0.jar -h
$ java -jar DependencyCheck-0.2.5.0.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan ./test-classes/struts2-core-2.1.2.jar -scan ./lib

Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.

Author: Jeremy Long (jeremy.long@gmail.com)

Copyright (c) 2012 Jeremy Long. All Rights Reserved.

Languages

Java 75.3%

CMake 18.9%

M4 3%

Ruby 1%

Groovy 0.6%

Other 1%