View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.analyzer;
19  
20  /**
21   * An enumeration defining the phases of analysis.
22   *
23   * @author Jeremy Long
24   */
25  public enum AnalysisPhase {
26  
27      /**
28       * Initialization phase.
29       * @implNote Bound analyzers are {@link ArchiveAnalyzer}
30       */
31      INITIAL,
32      /**
33       * Pre information collection phase.
34       * @implNote Bound analyzers are {@link ElixirMixAuditAnalyzer},{@link RubyBundleAuditAnalyzer}
35       */
36      PRE_INFORMATION_COLLECTION,
37      /**
38       * Information collection phase.
39       * @implNote Bound analyzers are
40       * {@link ArtifactoryAnalyzer}
41       * {@link AssemblyAnalyzer}
42       * {@link AutoconfAnalyzer}
43       * {@link CMakeAnalyzer}
44       * {@link CentralAnalyzer}
45       * {@link CocoaPodsAnalyzer}
46       * {@link ComposerLockAnalyzer}
47       * {@link DartAnalyzer}
48       * {@link FileNameAnalyzer}
49       * {@link GolangDepAnalyzer}
50       * {@link GolangModAnalyzer}
51       * {@link JarAnalyzer}
52       * {@link LibmanAnalyzer}
53       * {@link MSBuildProjectAnalyzer}
54       * {@link NexusAnalyzer}
55       * {@link NodeAuditAnalyzer}
56       * {@link NugetconfAnalyzer}
57       * {@link NuspecAnalyzer}
58       * {@link OpenSSLAnalyzer}
59       * {@link PinnedMavenInstallAnalyzer}
60       * {@link PipAnalyzer}
61       * {@link PipfileAnalyzer}
62       * {@link PipfilelockAnalyzer}
63       * {@link PoetryAnalyzer}
64       * {@link PythonDistributionAnalyzer}
65       * {@link PythonPackageAnalyzer}
66       * {@link RubyGemspecAnalyzer}
67       * {@link RubyBundlerAnalyzer}
68       * {@link SwiftPackageManagerAnalyzer}
69       * {@link SwiftPackageResolvedAnalyzer}
70       */
71      INFORMATION_COLLECTION,
72      /**
73       * Information collection phase 2.
74       * @implNote Bound analyzers are
75       * {@link PEAnalyzer}
76       */
77      INFORMATION_COLLECTION2,
78      /**
79       * Post information collection phase 1.
80       * @implNote Bound analyzers are
81       * {@link DependencyMergingAnalyzer}
82       */
83      POST_INFORMATION_COLLECTION1,
84      /**
85       * Post information collection phase 2.
86       * @implNote Bound analyzers are
87       * {@link HintAnalyzer} (must run before {@link VersionFilterAnalyzer}, should run after {@link DependencyMergingAnalyzer})
88       */
89      POST_INFORMATION_COLLECTION2,
90      /**
91       * Post information collection phase 3.
92       * @implNote Bound analyzers are
93       * {@link VersionFilterAnalyzer}
94       */
95      POST_INFORMATION_COLLECTION3,
96      /**
97       * Pre identifier analysis phase.
98       * @implNote Bound analyzers are
99       * {@link NpmCPEAnalyzer} (must run in a separate phase from {@link CPEAnalyzer} due to singleton re-use)
100      */
101     PRE_IDENTIFIER_ANALYSIS,
102     /**
103      * Identifier analysis phase.
104      * @implNote Bound analyzers are
105      * {@link CPEAnalyzer}
106      */
107     IDENTIFIER_ANALYSIS,
108     /**
109      * Post identifier analysis phase.
110      * @implNote Bound analyzers are
111      * {@link CpeSuppressionAnalyzer}
112      * {@link FalsePositiveAnalyzer}
113      */
114     POST_IDENTIFIER_ANALYSIS,
115     /**
116      * Pre finding analysis phase.
117      * @implNote No analyzers bound to this phase
118      */
119     PRE_FINDING_ANALYSIS,
120     /**
121      * Finding analysis phase.
122      * @implNote Bound analyzers are
123      * {@link NodeAuditAnalyzer}
124      * {@link NvdCveAnalyzer}
125      * {@link PnpmAuditAnalyzer}
126      * {@link RetireJsAnalyzer}
127      * {@link YarnAuditAnalyzer}
128      *
129      */
130     FINDING_ANALYSIS,
131     /**
132      * Finding analysis phase 2.
133      * @implNote Bound analyzers are
134      * {@link OssIndexAnalyzer}
135      */
136     FINDING_ANALYSIS_PHASE2,
137     /**
138      * Post analysis phase.
139      * @implNote Bound analyzers are
140      * {@link KnownExploitedVulnerabilityAnalyzer}
141      * {@link VulnerabilitySuppressionAnalyzer}
142      */
143     POST_FINDING_ANALYSIS,
144     /**
145      * The final analysis phase.
146      * @implNote Bound analyzers are
147      * {@link DependencyBundlingAnalyzer}
148      * {@link UnusedSuppressionRuleAnalyzer}
149      */
150     FINAL
151 }