github-mirrors/odc-yocto-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-yocto-analyzer.git synced 2026-01-11 22:41:33 +01:00
Code Issues 1 Packages Projects Releases Wiki Activity
1 Commit 2 Branches 0 Tags
12378b0505f113b5f120a5f7ff4423df251e1efe
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Šesták Vít 12378b0505 Initial commit
2020-01-31 15:12:34 +01:00
src
Initial commit
2020-01-31 15:12:34 +01:00
.gitignore
Initial commit
2020-01-31 15:12:34 +01:00
pom.xml
Initial commit
2020-01-31 15:12:34 +01:00
README.md
Initial commit
2020-01-31 15:12:34 +01:00

README.md

A plugin for OWASP Dependency Check that analyzes IPK files from YOCTO.

Useful for finding known vulnerabilities and licenses.

The plugin automatically suppresses CVEs mentioned in source section, as it expects any mention of a CVE in this section is a patch fixing the CVE.

Requirements

This plugin calls tar and ar utilities. You need them on $PATH.

Tested with Debian, but it will likely work with other distributions or even with Windows if these two utilities are on $PATH (or %PATH% :) ).

Howto

  1. Build JAR file using mvn package.
  2. Add the JAR file to plugins directory of OWASP Dependency Check (CLI version).
  3. Run the ODC on IPK files with com.ysoft.yocto.enabled=true.
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 48 KiB
Languages
Java 100%