Interface | Description |
---|---|
Analyzer | An interface that defines an Analyzer that is used to identify Dependencies. |
FileTypeAnalyzer | An Analyzer that scans specific file types. |

Class | Description |
---|---|
AbstractAnalyzer | Base class for analyzers to avoid code duplication of prepare and close as most analyzers do not need these methods. |
AbstractDependencyComparingAnalyzer | This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped. |
AbstractFileTypeAnalyzer | The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend. |
AbstractNpmAnalyzer | An abstract NPM analyzer that contains common methods for concrete implementations. |
AbstractSuppressionAnalyzer | Abstract base suppression analyzer that contains methods for parsing the suppression XML file. |
AnalyzerService | The Analyzer Service Loader. |
ArchiveAnalyzer | An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the dependency list. |
ArtifactoryAnalyzer | Analyzer which will attempt to locate a dependency, and the GAV information, by querying Artifactory for the dependency's hashes digest. |
AssemblyAnalyzer | Analyzer for getting company, product, and version information from a .NET assembly. |
AutoconfAnalyzer | Used to analyze Autoconf input files named configure.ac or configure.in. |
CarthageAnalyzer | This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from Cartfile files. |
CentralAnalyzer | Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest. |
CMakeAnalyzer | Used to analyze CMake build files, and collect information that can be used to determine the associated CPE. |
CocoaPodsAnalyzer | This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from .podspec files. |
ComposerLockAnalyzer | Used to analyze a composer.lock file for a composer PHP app. |
CPEAnalyzer | CPEAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CPE. |
CpeSuppressionAnalyzer | This is no longer used as a standalone analyzer; rather this is called by the CPE Analyzer directly. |
DartAnalyzer | This analyzer is used to analyze Dart packages by collecting information from pubspec lock and yaml files. |
DependencyBundlingAnalyzer | This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped. |
DependencyMergingAnalyzer | This analyzer will merge dependencies, created from different sources, into a single dependency. |
ElixirMixAuditAnalyzer | |
FalsePositiveAnalyzer | This analyzer attempts to remove some well-known false positives, specifically regarding the Java runtime. |
FileNameAnalyzer | Takes a dependency and analyzes the filename and determines the hashes. |
GolangDepAnalyzer | Go lang dependency analyzer. |
GolangModAnalyzer | Go mod dependency analyzer. |
HintAnalyzer | This analyzer adds evidence to dependencies to enhance the accuracy of library identification. |
JarAnalyzer | Used to load a JAR file and collect information that can be used to determine the associated CPE. |
JarAnalyzer.ClassNameInformation | Stores information about a class name. |
KnownExploitedVulnerabilityAnalyzer | This analyzer adds information about known exploited vulnerabilities. |
LibmanAnalyzer | Analyzer which parses a libman.json file to gather module information. |
MSBuildProjectAnalyzer | Analyzes MS Project files for dependencies. |
NexusAnalyzer | Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency. |
NodeAuditAnalyzer | Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API. |
NodePackageAnalyzer | Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the associated CPE. |
NpmCPEAnalyzer | NpmCPEAnalyzer takes a project dependency and attempts to discern if there is an associated CPE. |
NugetconfAnalyzer | Analyzer which parses a Nuget packages.config file to gather module information. |
NuspecAnalyzer | Analyzer which will parse a Nuspec file to gather module information. |
NvdCveAnalyzer | NvdCveAnalyzer is a utility class that takes a project dependency and attempts to discern if there are any associated CVEs. |
OpenSSLAnalyzer | Used to analyze OpenSSL source code present in the file system. |
OssIndexAnalyzer | Enrich dependency information from Sonatype OSS index. |
PEAnalyzer | Takes a dependency and analyzes the PE header for metadata that can be used to identify the library. |
PerlCpanfileAnalyzer | Used to analyze Perl CPAN files. |
PinnedMavenInstallAnalyzer | Used to analyze Maven pinned dependency files named *install*.json, a Java Maven dependency lockfile like Python's requirements.txt. |
PipAnalyzer | Used to analyze pip dependency files named requirements.txt. |
PipfileAnalyzer | Used to analyze dependencies defined in Pipfile. |
PipfilelockAnalyzer | Used to analyze dependencies defined in Pipfile.lock. |
PnpmAuditAnalyzer | |
PoetryAnalyzer | Poetry dependency analyzer. |
PythonDistributionAnalyzer | Used to analyze Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used to determine the associated CPE. |
PythonPackageAnalyzer | Used to analyze a Python package, and collect information that can be used to determine the associated CPE. |
RetireJsAnalyzer | The RetireJS analyzer uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components. |
RubyBundleAuditAnalyzer | Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool. |
RubyBundlerAnalyzer | This analyzer accepts the fully resolved .gemspec created by the Ruby bundler (http://bundler.io) for better evidence results. |
RubyGemspecAnalyzer | Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE. |
SwiftPackageManagerAnalyzer | This analyzer is used to analyze the SWIFT Package Manager (https://swift.org/package-manager/). |
SwiftPackageResolvedAnalyzer | This analyzer is used to analyze the SWIFT Package Resolved (https://swift.org/package-manager/). |
UnusedSuppressionRuleAnalyzer | Log the unused suppression rules. |
VersionFilterAnalyzer | This analyzer attempts to filter out erroneous version numbers collected. |
VulnerabilitySuppressionAnalyzer | The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema. |
YarnAuditAnalyzer | |

Enum | Description |
---|---|
AnalysisPhase | An enumeration defining the phases of analysis. |

Annotation Type | Description |
---|---|
Experimental | Annotation used to flag an analyzer as experimental. |
Retired | Annotation used to flag an analyzer as retired. |

Copyright© 2012-21 Jeremy Long. All Rights Reserved.