About
OWASP dependency-check-cli is a command line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies. The tool will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.
Installation & Usage
Import the GPG key used to sign all Dependency Check releases: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 259A55407DD6C00299E6607EFFDE55BE73A2D1ED
Download the dependency-check command line tool and the associated GPG signature file from the GitHub Release.
Verify the cryptographic integrity of your download: gpg --verify dependency-check-11.0.0-release.zip.asc
Extract the zip file to a location on your computer and put the ‘bin’ directory into the path environment variable.
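
A good-signature result from gpg --verify only says that some key in your keyring signed the file, so the script below also checks that the signer is the key imported in the first step. This is an added example, not part of the Dependency Check project; the function names are hypothetical, and the fingerprint and file name are the ones shown in the steps above.

```shell
#!/bin/sh
# Added example (not project code). Function names are hypothetical.
# Fingerprint of the release signing key, as given in the import step.
PINNED_FPR=259A55407DD6C00299E6607EFFDE55BE73A2D1ED

# Reads `gpg --status-fd` lines on stdin. Succeeds only if gpg reported
# GOODSIG (it reports EXPSIG, EXPKEYSIG or REVKEYSIG instead when the
# signature or key is expired or revoked) and a VALIDSIG line names the
# pinned fingerprint as the signing key ($3) or its primary key (last field).
signed_by_pinned_key() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { pinned = 1 }
        END { exit !(good && pinned) }
    '
}

# Verifies <zip> against the detached signature <zip>.asc, then checks the signer.
verify_release() {
    zip=$1
    status=$(gpg --batch --status-fd 1 --verify "$zip.asc" "$zip" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signed_by_pinned_key "$PINNED_FPR"
}

# Usage: sh verify.sh dependency-check-11.0.0-release.zip
if [ "$#" -ge 1 ]; then
    if verify_release "$1"; then
        echo "OK: $1 is signed by $PINNED_FPR"
    else
        echo "FAIL: $1 is not verified against the pinned key" >&2
        exit 1
    fi
fi
```

Run it before extracting the zip, and extract only when it prints OK.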