| Package | Description |
|---|---|
| org.owasp.dependencycheck |
Includes the main entry point for dependency-check.
|
| org.owasp.dependencycheck.analyzer |
Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
|
| org.owasp.dependencycheck.reporting |
Contains classes used to generate reports.
|
| Modifier and Type | Method and Description |
|---|---|
java.util.List<Analyzer> |
Engine.getAnalyzers(AnalysisPhase phase)
Get the List of the analyzers for a specific phase of analysis.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
Engine.closeAnalyzer(@NotNull Analyzer analyzer)
Closes the given analyzer.
|
protected void |
Engine.executeAnalysisTasks(@NotNull Analyzer analyzer,
java.util.List<java.lang.Throwable> exceptions)
Executes executes the analyzer using multiple threads.
|
protected java.util.List<AnalysisTask> |
Engine.getAnalysisTasks(Analyzer analyzer,
java.util.List<java.lang.Throwable> exceptions)
Returns the analysis tasks for the dependencies.
|
protected java.util.concurrent.ExecutorService |
Engine.getExecutorService(Analyzer analyzer)
Returns the executor service for a given analyzer.
|
protected void |
Engine.initializeAnalyzer(@NotNull Analyzer analyzer)
Initializes the given analyzer.
|
| Constructor and Description |
|---|
AnalysisTask(Analyzer analyzer,
Dependency dependency,
Engine engine,
java.util.List<java.lang.Throwable> exceptions)
Creates a new analysis task.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
FileTypeAnalyzer
An Analyzer that scans specific file types.
|
| Modifier and Type | Class and Description |
|---|---|
class |
AbstractAnalyzer
Base class for analyzers to avoid code duplication of prepare and close as
most analyzers do not need these methods.
|
class |
AbstractDependencyComparingAnalyzer
This analyzer ensures dependencies that should be grouped together, to remove
excess noise from the report, are grouped.
|
class |
AbstractFileTypeAnalyzer
The base FileTypeAnalyzer that all analyzers that have specific file types
they analyze should extend.
|
class |
AbstractNpmAnalyzer
An abstract NPM analyzer that contains common methods for concrete
implementations.
|
class |
AbstractSuppressionAnalyzer
Abstract base suppression analyzer that contains methods for parsing the
suppression XML file.
|
class |
ArchiveAnalyzer
An analyzer that extracts files from archives and ensures any supported files
contained within the archive are added to the dependency list.
|
class |
ArtifactoryAnalyzer
Analyzer which will attempt to locate a dependency, and the GAV information,
by querying Artifactory for the dependency's hashes digest.
|
class |
AssemblyAnalyzer
Analyzer for getting company, product, and version information from a .NET
assembly.
|
class |
AutoconfAnalyzer
Used to analyze Autoconf input files named configure.ac or configure.in.
|
class |
CarthageAnalyzer
This analyzer is used to analyze SWIFT and Objective-C packages by collecting
information from Cartfile files.
|
class |
CentralAnalyzer
Analyzer which will attempt to locate a dependency, and the GAV information,
by querying Central for the dependency's SHA-1 digest.
|
class |
CMakeAnalyzer
Used to analyze CMake build files, and collect information that can be used
to determine the associated CPE.
|
class |
CocoaPodsAnalyzer
This analyzer is used to analyze SWIFT and Objective-C packages by collecting
information from .podspec files.
|
class |
ComposerLockAnalyzer
Used to analyze a composer.lock file for a composer PHP app.
|
class |
CPEAnalyzer
CPEAnalyzer is a utility class that takes a project dependency and attempts
to discern if there is an associated CPE.
|
class |
CpeSuppressionAnalyzer
This is no longer used as a standalone analyzer; rather this is called by the
CPE Analyzer directly.
|
class |
DartAnalyzer
This analyzer is used to analyze Dart packages by collecting information from
pubspec lock and yaml files.
|
class |
DependencyBundlingAnalyzer
This analyzer ensures dependencies that should be grouped together, to remove
excess noise from the report, are grouped.
|
class |
DependencyMergingAnalyzer
This analyzer will merge dependencies, created from different source, into a
single dependency.
|
class |
ElixirMixAuditAnalyzer |
class |
FalsePositiveAnalyzer
This analyzer attempts to remove some well known false positives -
specifically regarding the java runtime.
|
class |
FileNameAnalyzer
Takes a dependency and analyzes the filename and determines the hashes.
|
class |
GolangDepAnalyzer
Go lang dependency analyzer.
|
class |
GolangModAnalyzer
Go mod dependency analyzer.
|
class |
HintAnalyzer
This analyzer adds evidence to dependencies to enhance the accuracy of
library identification.
|
class |
JarAnalyzer
Used to load a JAR file and collect information that can be used to determine
the associated CPE.
|
class |
KnownExploitedVulnerabilityAnalyzer
This analyzer adds information about known exploited vulnerabilities.
|
class |
LibmanAnalyzer
Analyzer which parses a libman.json file to gather module information.
|
class |
MSBuildProjectAnalyzer
Analyzes MS Project files for dependencies.
|
class |
NexusAnalyzer
Analyzer which will attempt to locate a dependency on a Nexus service by
SHA-1 digest of the dependency.
|
class |
NodeAuditAnalyzer
Used to analyze Node Package Manager (npm) package-lock.json and
npm-shrinkwrap.json files via NPM Audit API.
|
class |
NodePackageAnalyzer
Used to analyze Node Package Manager (npm) package.json files, and collect
information that can be used to determine the associated CPE.
|
class |
NpmCPEAnalyzer
NpmCPEAnalyzer takes a project dependency and attempts to discern if there is
an associated CPE.
|
class |
NugetconfAnalyzer
Analyzer which parses a Nuget packages.config file to gather module
information.
|
class |
NuspecAnalyzer
Analyzer which will parse a Nuspec file to gather module information.
|
class |
NvdCveAnalyzer
NvdCveAnalyzer is a utility class that takes a project dependency and
attempts to discern if there is an associated CVEs.
|
class |
OpenSSLAnalyzer
Used to analyze OpenSSL source code present in the file system.
|
class |
OssIndexAnalyzer
Enrich dependency information from Sonatype OSS index.
|
class |
PEAnalyzer
Takes a dependency and analyze the PE header for meta data that can be used
to identify the library.
|
class |
PerlCpanfileAnalyzer
Used to analyze Perl CPAN files.
|
class |
PinnedMavenInstallAnalyzer
Used to analyze Maven pinned dependency files named
*install*.json, a
Java Maven dependency lockfile like Python's requirements.txt. |
class |
PipAnalyzer
Used to analyze pip dependency files named requirements.txt.
|
class |
PipfileAnalyzer
Used to analyze dependencies defined in Pipfile.
|
class |
PipfilelockAnalyzer
Used to analyze dependencies defined in Pipfile.lock.
|
class |
PnpmAuditAnalyzer |
class |
PoetryAnalyzer
Poetry dependency analyzer.
|
class |
PythonDistributionAnalyzer
Used to analyze a Wheel or egg distribution files, or their contents in
unzipped form, and collect information that can be used to determine the
associated CPE.
|
class |
PythonPackageAnalyzer
Used to analyze a Python package, and collect information that can be used to
determine the associated CPE.
|
class |
RetireJsAnalyzer
The RetireJS analyzer uses the manually curated list of vulnerabilities from
the RetireJS community along with the necessary information to assist in
identifying vulnerable components.
|
class |
RubyBundleAuditAnalyzer
Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party
bundle-audit tool.
|
class |
RubyBundlerAnalyzer
This analyzer accepts the fully resolved .gemspec created by the Ruby bundler
(http://bundler.io) for better evidence results.
|
class |
RubyGemspecAnalyzer
Used to analyze Ruby Gem specifications and collect information that can be
used to determine the associated CPE.
|
class |
SwiftPackageManagerAnalyzer
This analyzer is used to analyze the SWIFT Package Manager
(https://swift.org/package-manager/).
|
class |
SwiftPackageResolvedAnalyzer
This analyzer is used to analyze the SWIFT Package Resolved
(https://swift.org/package-manager/).
|
class |
UnusedSuppressionRuleAnalyzer
Log the unused suppression rules.
|
class |
VersionFilterAnalyzer
This analyzer attempts to filter out erroneous version numbers collected.
|
class |
VulnerabilitySuppressionAnalyzer
The suppression analyzer processes an externally defined XML document that
complies with the suppressions.xsd schema.
|
class |
YarnAuditAnalyzer |
| Modifier and Type | Method and Description |
|---|---|
java.util.List<Analyzer> |
AnalyzerService.getAnalyzers()
Returns a list of all instances of the Analyzer interface.
|
java.util.List<Analyzer> |
AnalyzerService.getAnalyzers(AnalysisPhase... phases)
Returns a list of all instances of the Analyzer interface that are bound
to one of the given phases.
|
java.util.List<Analyzer> |
AnalyzerService.getAnalyzers(java.util.List<AnalysisPhase> phases)
Returns a list of all instances of the Analyzer interface that are bound
to one of the given phases.
|
| Constructor and Description |
|---|
ReportGenerator(java.lang.String applicationName,
java.util.List<Dependency> dependencies,
java.util.List<Analyzer> analyzers,
DatabaseProperties properties,
Settings settings)
|
ReportGenerator(java.lang.String applicationName,
java.util.List<Dependency> dependencies,
java.util.List<Analyzer> analyzers,
DatabaseProperties properties,
Settings settings,
ExceptionCollection exceptions)
Constructs a new ReportGenerator.
|
ReportGenerator(java.lang.String applicationName,
java.lang.String groupID,
java.lang.String artifactID,
java.lang.String version,
java.util.List<Dependency> dependencies,
java.util.List<Analyzer> analyzers,
DatabaseProperties properties,
Settings settings)
|
ReportGenerator(java.lang.String applicationName,
java.lang.String groupID,
java.lang.String artifactID,
java.lang.String version,
java.util.List<Dependency> dependencies,
java.util.List<Analyzer> analyzers,
DatabaseProperties properties,
Settings settings,
ExceptionCollection exceptions)
Constructs a new ReportGenerator.
|
Copyright© 2012-21 Jeremy Long. All Rights Reserved.