2.0 KiB
Dependency-Check
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
Documentation and links to production binary releases can be found on the github pages. Additionally, more information about the architecture and ways to extend dependency-check can be found on the wiki.
Initial Usage
On *nix
$ mvn install
$ ./dependency-check-cli/target/release/bin/dependency-check.sh -h
$ ./dependency-check-cli/target/release/bin/dependency-check.sh --app Testing --out . --scan ./src/test/resources
On Windows
> mvn install
> dependency-check-cli/target/release/bin/dependency-check.bat -h
> dependency-check-cli/target/release/bin/dependency-check.bat --app Testing --out . --scan ./src/test/resources
Then load the resulting 'DependencyCheck-Report.html' into your favorite browser.
Mailing List
Subscribe: [dependency-check+subscribe@googlegroups.com] subscribe
Post: [dependency-check@googlegroups.com] post
Copyright & License
Dependency-Check is Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the GPLv3 license. See the [LICENSE.txt] GPLv3 file for the full license.
Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt] notices file for more information.