github-mirrors/odc-yocto-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-yocto-analyzer.git synced 2026-03-26 02:51:47 +01:00
Code Issues 1 Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Šesták Vít
2020-01-31 15:12:34 +01:00
commit 12378b0505
15 changed files with 807 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
README.md Normal file
View File

@@ -0,0 +1,17 @@
A plugin for OWASP Dependency Check that analyzes IPK files from YOCTO.
Useful for finding known vulnerabilities and licenses.
The plugin automatically suppresses CVEs mentioned in source section, as it expects any mention of a CVE in this section is a patch fixing the CVE.
## Requirements
This plugin calls `tar` and `ar` utilities. You need them on $PATH.
Tested with Debian, but it will likely work with other distributions or even with Windows if these two utilities are on $PATH (or %PATH% :) ).
## Howto
1. Build JAR file using `mvn package`.
2. Add the JAR file to `plugins` directory of OWASP Dependency Check (CLI version).
3. Run the ODC on IPK files with com.ysoft.yocto.enabled=true.