org.owasp.dependencycheck.analyzer (Dependency-Check Core 11.1.0 API)

Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.

Interface Summary
Interface	Description
Analyzer	An interface that defines an Analyzer that is used to identify Dependencies.
FileTypeAnalyzer	An Analyzer that scans specific file types.

Class Summary
Class	Description
AbstractAnalyzer	Base class for analyzers to avoid code duplication of prepare and close as most analyzers do not need these methods.
AbstractDependencyComparingAnalyzer	This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped.
AbstractFileTypeAnalyzer	The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
AbstractNpmAnalyzer	An abstract NPM analyzer that contains common methods for concrete implementations.
AbstractSuppressionAnalyzer	Abstract base suppression analyzer that contains methods for parsing the suppression XML file.
AnalyzerService	The Analyzer Service Loader.
ArchiveAnalyzer	An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the dependency list.
ArtifactoryAnalyzer	Analyzer which will attempt to locate a dependency, and the GAV information, by querying Artifactory for the dependency's hashes digest.
AssemblyAnalyzer	Analyzer for getting company, product, and version information from a .NET assembly.
AutoconfAnalyzer	Used to analyze Autoconf input files named configure.ac or configure.in.
CarthageAnalyzer	This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from Cartfile files.
CentralAnalyzer	Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest.
CMakeAnalyzer	Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.
CocoaPodsAnalyzer	This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from .podspec files.
ComposerLockAnalyzer	Used to analyze a composer.lock file for a composer PHP app.
CPEAnalyzer	CPEAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CPE.
CpeSuppressionAnalyzer	This is no longer used as a standalone analyzer; rather this is called by the CPE Analyzer directly.
DartAnalyzer	This analyzer is used to analyze Dart packages by collecting information from pubspec lock and yaml files.
DependencyBundlingAnalyzer	This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped.
DependencyMergingAnalyzer	This analyzer will merge dependencies, created from different source, into a single dependency.
ElixirMixAuditAnalyzer
FalsePositiveAnalyzer	This analyzer attempts to remove some well known false positives - specifically regarding the java runtime.
FileNameAnalyzer	Takes a dependency and analyzes the filename and determines the hashes.
GolangDepAnalyzer	Go lang dependency analyzer.
GolangModAnalyzer	Go mod dependency analyzer.
HintAnalyzer	This analyzer adds evidence to dependencies to enhance the accuracy of library identification.
JarAnalyzer	Used to load a JAR file and collect information that can be used to determine the associated CPE.
JarAnalyzer.ClassNameInformation	Stores information about a class name.
KnownExploitedVulnerabilityAnalyzer	This analyzer adds information about known exploited vulnerabilities.
LibmanAnalyzer	Analyzer which parses a libman.json file to gather module information.
MSBuildProjectAnalyzer	Analyzes MS Project files for dependencies.
NexusAnalyzer	Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency.
NodeAuditAnalyzer	Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API.
NodePackageAnalyzer	Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the associated CPE.
NpmCPEAnalyzer	NpmCPEAnalyzer takes a project dependency and attempts to discern if there is an associated CPE.
NugetconfAnalyzer	Analyzer which parses a Nuget packages.config file to gather module information.
NuspecAnalyzer	Analyzer which will parse a Nuspec file to gather module information.
NvdCveAnalyzer	NvdCveAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CVEs.
OpenSSLAnalyzer	Used to analyze OpenSSL source code present in the file system.
OssIndexAnalyzer	Enrich dependency information from Sonatype OSS index.
PEAnalyzer	Takes a dependency and analyze the PE header for meta data that can be used to identify the library.
PerlCpanfileAnalyzer	Used to analyze Perl CPAN files.
PinnedMavenInstallAnalyzer	Used to analyze Maven pinned dependency files named `install.json`, a Java Maven dependency lockfile like Python's `requirements.txt`.
PipAnalyzer	Used to analyze pip dependency files named requirements.txt.
PipfileAnalyzer	Used to analyze dependencies defined in Pipfile.
PipfilelockAnalyzer	Used to analyze dependencies defined in Pipfile.lock.
PnpmAuditAnalyzer
PoetryAnalyzer	Poetry dependency analyzer.
PythonDistributionAnalyzer	Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used to determine the associated CPE.
PythonPackageAnalyzer	Used to analyze a Python package, and collect information that can be used to determine the associated CPE.
RetireJsAnalyzer	The RetireJS analyzer uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components.
RubyBundleAuditAnalyzer	Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool.
RubyBundlerAnalyzer	This analyzer accepts the fully resolved .gemspec created by the Ruby bundler (http://bundler.io) for better evidence results.
RubyGemspecAnalyzer	Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE.
SwiftPackageManagerAnalyzer	This analyzer is used to analyze the SWIFT Package Manager (https://swift.org/package-manager/).
SwiftPackageResolvedAnalyzer	This analyzer is used to analyze the SWIFT Package Resolved (https://swift.org/package-manager/).
UnusedSuppressionRuleAnalyzer	Log the unused suppression rules.
VersionFilterAnalyzer	This analyzer attempts to filter out erroneous version numbers collected.
VulnerabilitySuppressionAnalyzer	The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema.
YarnAuditAnalyzer

Enum Summary
Enum Description

AnalysisPhase
An enumeration defining the phases of analysis.
Annotation Types Summary
Annotation Type Description

Experimental
Annotation used to flag an analyzer as experimental.

Retired
Annotation used to flag an analyzer as retired.

Annotation Type	Description
Experimental	Annotation used to flag an analyzer as experimental.
Retired	Annotation used to flag an analyzer as retired.

Package org.owasp.dependencycheck.analyzer