View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  /**
21   * An enumeration defining the phases of analysis.
22   *
23   * @author Jeremy Long
24   */
25  public enum AnalysisPhase {
26  
27      /**
28       * Initialization phase.
29       * @implNote Bound analyzers are {@link ArchiveAnalyzer}
30       */
31      INITIAL,
32      /**
33       * Pre information collection phase.
34       * @implNote Bound analyzers are {@link ElixirMixAuditAnalyzer},{@link RubyBundleAuditAnalyzer}
35       */
36      PRE_INFORMATION_COLLECTION,
37      /**
38       * Information collection phase.
39       * @implNote Bound analyzers are
40       * {@link ArtifactoryAnalyzer}
41       * {@link AssemblyAnalyzer}
42       * {@link AutoconfAnalyzer}
43       * {@link CMakeAnalyzer}
44       * {@link CentralAnalyzer}
45       * {@link CarthageAnalyzer}
46       * {@link CocoaPodsAnalyzer}
47       * {@link ComposerLockAnalyzer}
48       * {@link DartAnalyzer}
49       * {@link FileNameAnalyzer}
50       * {@link GolangDepAnalyzer}
51       * {@link GolangModAnalyzer}
52       * {@link JarAnalyzer}
53       * {@link LibmanAnalyzer}
54       * {@link MSBuildProjectAnalyzer}
55       * {@link NexusAnalyzer}
56       * {@link NodeAuditAnalyzer}
57       * {@link NugetconfAnalyzer}
58       * {@link NuspecAnalyzer}
59       * {@link OpenSSLAnalyzer}
60       * {@link PinnedMavenInstallAnalyzer}
61       * {@link PipAnalyzer}
62       * {@link PipfileAnalyzer}
63       * {@link PipfilelockAnalyzer}
64       * {@link PoetryAnalyzer}
65       * {@link PythonDistributionAnalyzer}
66       * {@link PythonPackageAnalyzer}
67       * {@link RubyGemspecAnalyzer}
68       * {@link RubyBundlerAnalyzer}
69       * {@link SwiftPackageManagerAnalyzer}
70       * {@link SwiftPackageResolvedAnalyzer}
71       */
72      INFORMATION_COLLECTION,
73      /**
74       * Information collection phase 2.
75       * @implNote Bound analyzers are
76       * {@link PEAnalyzer}
77       */
78      INFORMATION_COLLECTION2,
79      /**
80       * Post information collection phase 1.
81       * @implNote Bound analyzers are
82       * {@link DependencyMergingAnalyzer}
83       */
84      POST_INFORMATION_COLLECTION1,
85      /**
86       * Post information collection phase 2.
87       * @implNote Bound analyzers are
88       * {@link HintAnalyzer} (must run before {@link VersionFilterAnalyzer}, should run after {@link DependencyMergingAnalyzer})
89       */
90      POST_INFORMATION_COLLECTION2,
91      /**
92       * Post information collection phase 3.
93       * @implNote Bound analyzers are
94       * {@link VersionFilterAnalyzer}
95       */
96      POST_INFORMATION_COLLECTION3,
97      /**
98       * Pre identifier analysis phase.
99       * @implNote Bound analyzers are
100      * {@link NpmCPEAnalyzer} (must run in a separate phase from {@link CPEAnalyzer} due to singleton re-use)
101      */
102     PRE_IDENTIFIER_ANALYSIS,
103     /**
104      * Identifier analysis phase.
105      * @implNote Bound analyzers are
106      * {@link CPEAnalyzer}
107      */
108     IDENTIFIER_ANALYSIS,
109     /**
110      * Post identifier analysis phase.
111      * @implNote Bound analyzers are
112      * {@link CpeSuppressionAnalyzer}
113      * {@link FalsePositiveAnalyzer}
114      */
115     POST_IDENTIFIER_ANALYSIS,
116     /**
117      * Pre finding analysis phase.
118      * @implNote No analyzers bound to this phase
119      */
120     PRE_FINDING_ANALYSIS,
121     /**
122      * Finding analysis phase.
123      * @implNote Bound analyzers are
124      * {@link NodeAuditAnalyzer}
125      * {@link NvdCveAnalyzer}
126      * {@link PnpmAuditAnalyzer}
127      * {@link RetireJsAnalyzer}
128      * {@link YarnAuditAnalyzer}
129      *
130      */
131     FINDING_ANALYSIS,
132     /**
133      * Finding analysis phase 2.
134      * @implNote Bound analyzers are
135      * {@link OssIndexAnalyzer}
136      */
137     FINDING_ANALYSIS_PHASE2,
138     /**
139      * Post analysis phase.
140      * @implNote Bound analyzers are
141      * {@link KnownExploitedVulnerabilityAnalyzer}
142      * {@link VulnerabilitySuppressionAnalyzer}
143      */
144     POST_FINDING_ANALYSIS,
145     /**
146      * The final analysis phase.
147      * @implNote Bound analyzers are
148      * {@link DependencyBundlingAnalyzer}
149      * {@link UnusedSuppressionRuleAnalyzer}
150      */
151     FINAL
152 }