| Package | Description |
|---|---|
| org.owasp.dependencycheck | Includes the main entry point for dependency-check. |
| org.owasp.dependencycheck.agent | The agent package holds an agent API that can be used by other applications that have information about dependencies but would rather implement something in their code directly than spawn a process to run the entire dependency-check engine. |
| org.owasp.dependencycheck.analyzer | Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies. |
| org.owasp.dependencycheck.data.artifactory | Contains classes related to searching the Artifactory Maven repository. These are used to abstract Artifactory searching away from OWASP Dependency Check so they can be reused elsewhere. |
| org.owasp.dependencycheck.data.golang | Contains classes for working with Go Lang project data. |
| org.owasp.dependencycheck.dependency | Contains the core Dependency implementation. |
| org.owasp.dependencycheck.processing | Classes used to process the output of external tools. |
| org.owasp.dependencycheck.reporting | Contains classes used to generate reports. |
| org.owasp.dependencycheck.xml.pom | This package contains classes used to parse pom.xml files. |
| org.owasp.dependencycheck.xml.suppression | Contains classes used to suppress findings. |
| Modifier and Type | Method and Description |
|---|---|
| `Dependency[]` | `Engine.getDependencies()` Returns a copy of the dependencies as an array. |
| `protected Dependency` | `Engine.scanFile(@NotNull java.io.File file)` Scans a specified file. |
| `protected Dependency` | `Engine.scanFile(@NotNull java.io.File file, @Nullable java.lang.String projectReference)` Scans a specified file. |
| Modifier and Type | Method and Description |
|---|---|
| `java.util.List<Dependency>` | `Engine.scan(java.util.Collection<java.io.File> files)` Scans a collection of files or directories. |
| `java.util.List<Dependency>` | `Engine.scan(java.util.Collection<java.io.File> files, java.lang.String projectReference)` Scans a collection of files or directories. |
| `java.util.List<Dependency>` | `Engine.scan(java.io.File file)` Scans a given file or directory. |
| `java.util.List<Dependency>` | `Engine.scan(java.io.File[] files)` Scans an array of files or directories. |
| `java.util.List<Dependency>` | `Engine.scan(java.io.File[] files, java.lang.String projectReference)` Scans an array of files or directories. |
| `java.util.List<Dependency>` | `Engine.scan(@NotNull java.lang.String path)` Scans a given file or directory. |
| `java.util.List<Dependency>` | `Engine.scan(@NotNull java.lang.String[] paths)` Scans an array of files or directories. |
| `java.util.List<Dependency>` | `Engine.scan(@NotNull java.lang.String[] paths, @Nullable java.lang.String projectReference)` Scans an array of files or directories. |
| `java.util.List<Dependency>` | `Engine.scan(@NotNull java.lang.String path, java.lang.String projectReference)` Scans a given file or directory. |
| `protected java.util.List<Dependency>` | `Engine.scanDirectory(java.io.File dir)` Recursively scans files and directories. |
| `protected java.util.List<Dependency>` | `Engine.scanDirectory(@NotNull java.io.File dir, @Nullable java.lang.String projectReference)` Recursively scans files and directories. |
| Modifier and Type | Method and Description |
|---|---|
| `void` | `Engine.addDependency(Dependency dependency)` Adds a dependency. |
| `void` | `Engine.removeDependency(@NotNull Dependency dependency)` Removes the dependency. |
| Constructor and Description |
|---|
| `AnalysisTask(Analyzer analyzer, Dependency dependency, Engine engine, java.util.List<java.lang.Throwable> exceptions)` Creates a new analysis task. |
| Modifier and Type | Method and Description |
|---|---|
| `java.util.List<Dependency>` | `DependencyCheckScanAgent.getDependencies()` Returns a list of pre-determined dependencies. |
| Modifier and Type | Method and Description |
|---|---|
| `static void` | `DependencyCheckScanAgent.showSummary(Dependency[] dependencies)` Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries. |
| `static void` | `DependencyCheckScanAgent.showSummary(java.lang.String projectName, Dependency[] dependencies)` Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries. |
| Modifier and Type | Method and Description |
|---|---|
| `void` | `DependencyCheckScanAgent.setDependencies(java.util.List<Dependency> dependencies)` Sets the list of dependencies to scan. |
| Modifier and Type | Method and Description |
|---|---|
| `protected Dependency` | `AbstractNpmAnalyzer.createDependency(Dependency dependency, java.lang.String name, java.lang.String version, java.lang.String scope)` Constructs a dependency object. |
| `protected Dependency` | `AbstractNpmAnalyzer.findDependency(Engine engine, java.lang.String name, java.lang.String version)` Locates the dependency from the list of dependencies that have been scanned by the engine. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainAndroidDependency(Dependency dependency1, Dependency dependency2)` Determines which of the android dependencies should be considered the primary. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainDotnetDependency(Dependency dependency1, Dependency dependency2)` Determines which of the dotnet dependencies should be considered the primary. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainGemspecDependency(Dependency dependency1, Dependency dependency2)` Ruby gems installed by "bundle install" can have zero or more *.gemspec files, all of which have the same packagePath and should be grouped. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainSwiftDependency(Dependency dependency1, Dependency dependency2)` Determines which of the swift dependencies should be considered the primary. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainVirtualDependency(Dependency dependency1, Dependency dependency2)` Determines which of the virtual dependencies should be considered the primary. |
| Modifier and Type | Method and Description |
|---|---|
| `static java.lang.String` | `JarAnalyzer.addDescription(Dependency dependency, java.lang.String description, java.lang.String source, java.lang.String key)` Adds a description to the given dependency. |
| `protected static void` | `JarAnalyzer.addMatchingValues(java.util.List<JarAnalyzer.ClassNameInformation> classes, java.lang.String value, Dependency dep, EvidenceType type)` Cycles through the collection of class name information to see if parts of the package names are contained in the provided value. |
| `protected static void` | `AssemblyAnalyzer.addMatchingValues(java.util.List<java.lang.String> packages, java.lang.String value, Dependency dep, EvidenceType type)` Cycles through the collection of class name information to see if parts of the package names are contained in the provided value. |
| `void` | `AbstractAnalyzer.analyze(Dependency dependency, Engine engine)` Analyzes a given dependency. |
| `void` | `Analyzer.analyze(Dependency dependency, Engine engine)` Analyzes the given dependency. |
| `protected void` | `NpmCPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| `void` | `NuspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `SwiftPackageManagerAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `void` | `LibmanAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `void` | `NugetconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `NodeAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `SwiftPackageResolvedAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `VulnerabilitySuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `GolangDepAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes go packages and adds evidence to the dependency. |
| `void` | `CentralAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `ElixirMixAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Determines if the analyzer can analyze the given file type. |
| `protected void` | `DartAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `void` | `NexusAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `PipfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `CpeSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `CMakeAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes python packages and adds evidence to the dependency. |
| `void` | `AssemblyAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis on a single Dependency. |
| `protected void` | `UnusedSuppressionRuleAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `ComposerLockAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Entry point for the analyzer. |
| `protected void` | `PythonDistributionAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `KnownExploitedVulnerabilityAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Adds information about the known exploited vulnerabilities to the analysis. |
| `protected void` | `PipAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `NvdCveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| `void` | `ArtifactoryAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `void` | `ArchiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a given dependency. |
| `protected void` | `YarnAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes the yarn lock file to determine vulnerable dependencies. |
| `protected void` | `HintAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities. |
| `protected void` | `AbstractSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `CocoaPodsAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `FalsePositiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes the dependencies and removes bad/incorrect CPE associations based on various heuristics. |
| `protected abstract void` | `AbstractAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a given dependency. |
| `protected void` | `MSBuildProjectAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `GolangModAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes go packages and adds evidence to the dependency. |
| `protected void` | `VersionFilterAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities. |
| `protected void` | `PipfilelockAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `RubyBundleAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Determines if the analyzer can analyze the given file type. |
| `void` | `RetireJsAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes the specified JavaScript file. |
| `protected void` | `CarthageAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `AbstractDependencyComparingAnalyzer.analyzeDependency(Dependency ignore, Engine engine)` Analyzes a set of dependencies. |
| `protected void` | `RubyBundlerAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `FileNameAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Collects information about the file name. |
| `protected void` | `AutoconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `CPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| `protected void` | `RubyGemspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `PEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Collects information about the file name. |
| `protected void` | `PinnedMavenInstallAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `void` | `JarAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE information. |
| `protected void` | `PnpmAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes the pnpm lock file to determine vulnerable dependencies. |
| `protected void` | `OssIndexAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `PoetryAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes poetry packages and adds evidence to the dependency. |
| `protected void` | `OpenSSLAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes python packages and adds evidence to the dependency. |
| `protected void` | `NodePackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `PythonPackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes python packages and adds evidence to the dependency. |
| `protected void` | `PerlCpanfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `JarAnalyzer.analyzePackageNames(java.util.List<JarAnalyzer.ClassNameInformation> classNames, Dependency dependency, boolean addPackagesAsEvidence)` Analyzes the path information of the classes contained within the JarAnalyzer to try and determine possible vendor or product names. |
| `protected boolean` | `JarAnalyzer.analyzePOM(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classes, Engine engine)` Attempts to find a pom.xml within the JAR file. |
| `protected java.util.List<JarAnalyzer.ClassNameInformation>` | `JarAnalyzer.collectClassNames(Dependency dependency)` Cycles through an enumeration of JarEntries contained within the dependency and returns a list of the class names. |
| `protected Dependency` | `AbstractNpmAnalyzer.createDependency(Dependency dependency, java.lang.String name, java.lang.String version, java.lang.String scope)` Constructs a dependency object. |
| `protected void` | `CPEAnalyzer.determineCPE(Dependency dependency)` Searches the data store of CPE entries, trying to identify the CPE for the given dependency based on the evidence contained within. |
| `protected boolean` | `CPEAnalyzer.determineIdentifiers(Dependency dependency, java.lang.String vendor, java.lang.String product, Confidence currentConfidence)` Retrieves a list of CPE values from the CveDB based on the vendor and product passed in. |
| `protected boolean` | `DependencyBundlingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, java.util.Set<Dependency> dependenciesToRemove)` Evaluates the dependencies. |
| `protected abstract boolean` | `AbstractDependencyComparingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, java.util.Set<Dependency> dependenciesToRemove)` Evaluates the dependencies. |
| `protected boolean` | `DependencyMergingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, java.util.Set<Dependency> dependenciesToRemove)` Evaluates the dependencies. |
| `static void` | `JarAnalyzer.extractLicense(Model pom, Dependency dependency)` Extracts the license information from the pom and adds it to the dependency. |
| `protected java.util.List<MavenArtifact>` | `CentralAnalyzer.fetchMavenArtifacts(Dependency dependency)` Downloads the corresponding list of MavenArtifacts of the given dependency from MavenCentral. |
| `void` | `AbstractNpmAnalyzer.gatherEvidence(javax.json.JsonObject json, Dependency dependency)` Collects evidence from the given JSON for the associated dependency. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainAndroidDependency(Dependency dependency1, Dependency dependency2)` Determines which of the android dependencies should be considered the primary. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainDotnetDependency(Dependency dependency1, Dependency dependency2)` Determines which of the dotnet dependencies should be considered the primary. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainGemspecDependency(Dependency dependency1, Dependency dependency2)` Ruby gems installed by "bundle install" can have zero or more *.gemspec files, all of which have the same packagePath and should be grouped. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainSwiftDependency(Dependency dependency1, Dependency dependency2)` Determines which of the swift dependencies should be considered the primary. |
| `protected Dependency` | `DependencyMergingAnalyzer.getMainVirtualDependency(Dependency dependency1, Dependency dependency2)` Determines which of the virtual dependencies should be considered the primary. |
| `protected boolean` | `DependencyBundlingAnalyzer.isCore(Dependency left, Dependency right)` This is likely a very broken attempt at determining if the 'left' dependency is the 'core' library in comparison to the 'right' library. |
| `protected boolean` | `DependencyMergingAnalyzer.isSameRubyGem(Dependency dependency1, Dependency dependency2)` Bundles Ruby gems that are identified from different .gemspec files but denote the same package path. |
| `protected boolean` | `DependencyMergingAnalyzer.isSameSwiftPackage(Dependency dependency1, Dependency dependency2)` Bundles the same swift dependencies with the same packagePath but identified by different file type analyzers. |
| `protected boolean` | `DependencyBundlingAnalyzer.isShadedJar(Dependency dependency, Dependency nextDependency)` Determines if the jar is shaded and the created pom.xml identified the same CPE as the jar; if so, the pom.xml dependency should be removed. |
| `protected boolean` | `DependencyBundlingAnalyzer.isWebJar(Dependency dependency, Dependency nextDependency)` Determines if a JS file is from a webjar dependency. |
| `static void` | `DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, java.util.Set<Dependency> dependenciesToRemove)` Adds the relatedDependency to the dependency's related dependencies. |
| `static void` | `DependencyMergingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, java.util.Set<Dependency> dependenciesToRemove)` Adds the relatedDependency to the dependency's related dependencies. |
| `static void` | `DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, java.util.Set<Dependency> dependenciesToRemove, boolean copyVulnsAndIds)` Adds the relatedDependency to the dependency's related dependencies. |
| `protected boolean` | `JarAnalyzer.parseManifest(Dependency dependency, java.util.List<JarAnalyzer.ClassNameInformation> classInformation)` Reads the manifest from the JAR file and collects the entries. |
| `protected void` | `AbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, javax.json.JsonArray jsonArray, java.lang.String depType)` Processes a part of package.json (as defined by JsonArray) and updates the specified dependency with relevant info. |
| `protected void` | `AbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, javax.json.JsonObject jsonObject, java.lang.String depType)` Processes a part of package.json (as defined by JsonObject) and updates the specified dependency with relevant info. |
| `protected void` | `AbstractNpmAnalyzer.processResults(java.util.List<Advisory> advisories, Engine engine, Dependency dependency, org.apache.commons.collections4.MultiValuedMap<java.lang.String,java.lang.String> dependencyMap)` Processes the advisories, creating the appropriate dependency objects and adding the resulting vulnerabilities. |
| `protected void` | `FalsePositiveAnalyzer.removeBadMatches(Dependency dependency)` Removes bad CPE matches for a dependency. |
| `protected void` | `AbstractNpmAnalyzer.replaceOrAddVulnerability(Dependency dependency, Vulnerability vuln)` Evaluates if the vulnerability is already present; if it is, the vulnerability is not added. |
| `static boolean` | `JarAnalyzer.setPomEvidence(Dependency dependency, Model pom, java.util.List<JarAnalyzer.ClassNameInformation> classes, boolean isMainPom)` Sets evidence from the pom on the supplied dependency. |
| Modifier and Type | Method and Description |
|---|---|
| `protected boolean` | `DependencyBundlingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, java.util.Set<Dependency> dependenciesToRemove)` Evaluates the dependencies. |
| `protected abstract boolean` | `AbstractDependencyComparingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, java.util.Set<Dependency> dependenciesToRemove)` Evaluates the dependencies. |
| `protected boolean` | `DependencyMergingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, java.util.Set<Dependency> dependenciesToRemove)` Evaluates the dependencies. |
| `static void` | `DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, java.util.Set<Dependency> dependenciesToRemove)` Adds the relatedDependency to the dependency's related dependencies. |
| `static void` | `DependencyMergingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, java.util.Set<Dependency> dependenciesToRemove)` Adds the relatedDependency to the dependency's related dependencies. |
| `static void` | `DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, java.util.Set<Dependency> dependenciesToRemove, boolean copyVulnsAndIds)` Adds the relatedDependency to the dependency's related dependencies. |
| Modifier and Type | Method and Description |
|---|---|
| `protected java.util.List<MavenArtifact>` | `ArtifactorySearch.processResponse(Dependency dependency, java.net.HttpURLConnection conn)` Processes the Artifactory response. |
| `java.util.List<MavenArtifact>` | `ArtifactorySearch.search(Dependency dependency)` Searches the configured Central URL for the given hash (MD5, SHA1 and SHA256). |
| Modifier and Type | Method and Description |
|---|---|
| `Dependency` | `GoModDependency.toDependency(Dependency parentDependency)` Converts the GoModDependency into a Dependency object. |
| Modifier and Type | Method and Description |
|---|---|
| `Dependency` | `GoModDependency.toDependency(Dependency parentDependency)` Converts the GoModDependency into a Dependency object. |
| Modifier and Type | Field and Description |
|---|---|
| `static java.util.Comparator<Dependency>` | `Dependency.NAME_COMPARATOR` Simple sorting by display file name and actual file path. |
| Modifier and Type | Method and Description |
|---|---|
| `java.util.Set<Dependency>` | `Dependency.getRelatedDependencies()` Gets the unmodifiable set of relatedDependencies. |
| Modifier and Type | Method and Description |
|---|---|
| `void` | `Dependency.addRelatedDependency(Dependency dependency)` Adds a related dependency. |
| `void` | `Dependency.removeRelatedDependencies(Dependency dependency)` Removes a related dependency. |
| Constructor and Description |
|---|
| `BundlerAuditProcessor(Dependency gemDependency, Engine engine)` Constructs a new processor to consume the output of `bundler-audit`. |
| `GoModProcessor(Dependency goDependency, Engine engine)` Constructs a new processor to consume the output of `go list -m -json all`. |
| `MixAuditProcessor(Dependency mixDependency, Engine engine)` Constructs a new processor to consume the output of `mix_audit`. |
| Modifier and Type | Method and Description |
|---|---|
| `java.util.Collection<SarifRule>` | `ReportTool.convertToSarifRules(java.util.List<Dependency> dependencies)` Creates a list of SARIF rules for the SARIF report. |
| Constructor and Description |
|---|
| `ReportGenerator(java.lang.String applicationName, java.util.List<Dependency> dependencies, java.util.List<Analyzer> analyzers, DatabaseProperties properties, Settings settings)` |
| `ReportGenerator(java.lang.String applicationName, java.util.List<Dependency> dependencies, java.util.List<Analyzer> analyzers, DatabaseProperties properties, Settings settings, ExceptionCollection exceptions)` Constructs a new ReportGenerator. |
| `ReportGenerator(java.lang.String applicationName, java.lang.String groupID, java.lang.String artifactID, java.lang.String version, java.util.List<Dependency> dependencies, java.util.List<Analyzer> analyzers, DatabaseProperties properties, Settings settings)` |
| `ReportGenerator(java.lang.String applicationName, java.lang.String groupID, java.lang.String artifactID, java.lang.String version, java.util.List<Dependency> dependencies, java.util.List<Analyzer> analyzers, DatabaseProperties properties, Settings settings, ExceptionCollection exceptions)` Constructs a new ReportGenerator. |
| Modifier and Type | Method and Description |
|---|---|
| `static void` | `PomUtils.analyzePOM(Dependency dependency, java.io.File pomFile)` Reads in the pom file and adds elements as evidence to the given dependency. |
| Modifier and Type | Method and Description |
|---|---|
| `void` | `SuppressionRule.process(Dependency dependency)` Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed. |
Copyright © 2012-21 Jeremy Long. All Rights Reserved.