mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-14 07:43:40 +01:00

Go to file

Jeremy Long d99e8f9ef5 Added 'deep scan' argument/property to indicate more evidence should be collected even if it increases false positives

Former-commit-id: 200acdb012410df0cd59c164cd362f7940366fb1

2013-03-08 17:33:01 -05:00

src

Added 'deep scan' argument/property to indicate more evidence should be collected even if it increases false positives

2013-03-08 17:33:01 -05:00

.gitignore

add ignore for IntelliJ files

2013-02-19 20:25:00 -05:00

LICENSE.txt

Updated Information.

2012-09-25 11:51:42 -04:00

NOTICES.txt

updated notice

2013-02-03 08:20:47 -05:00

pom.xml

change in namespace as this is now an OWASP project

2013-03-03 08:57:38 -05:00

README.md

updated

2013-02-20 07:25:28 -05:00

README.md

DependencyCheck

DependencyCheck is a utility that attempts to detect publically disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

More information can be found on the wiki.

Usage

$ mvn package
$ cd target
$ java -jar dependency-check-0.2.6.0.jar -h
$ java -jar dependency-check-0.2.6.0.jar -a Testing -out . -scan ./test-classes -scan ./lib

Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.

Mailing List

Subscribe: [dependency-check+subscribe@googlegroups.com] subscribe
Post: [dependency-check@googlegroups.com] post

License

GPLv3

Languages

Java 75.3%

CMake 18.9%

M4 3%

Ruby 1%

Groovy 0.6%

Other 1%