1 /* 2 * This file is part of dependency-check-core. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 * 16 * Copyright (c) 2012 Jeremy Long. All Rights Reserved. 17 */ 18 package org.owasp.dependencycheck.analyzer; 19 20 /** 21 * An enumeration defining the phases of analysis. 22 * 23 * @author Jeremy Long 24 */ 25 public enum AnalysisPhase { 26 27 /** 28 * Initialization phase. 29 * @implNote Bound analyzers are {@link ArchiveAnalyzer} 30 */ 31 INITIAL, 32 /** 33 * Pre information collection phase. 34 * @implNote Bound analyzers are {@link ElixirMixAuditAnalyzer},{@link RubyBundleAuditAnalyzer} 35 */ 36 PRE_INFORMATION_COLLECTION, 37 /** 38 * Information collection phase. 39 * @implNote Bound analyzers are 40 * {@link ArtifactoryAnalyzer} 41 * {@link AssemblyAnalyzer} 42 * {@link AutoconfAnalyzer} 43 * {@link CMakeAnalyzer} 44 * {@link CentralAnalyzer} 45 * {@link CocoaPodsAnalyzer} 46 * {@link ComposerLockAnalyzer} 47 * {@link DartAnalyzer} 48 * {@link FileNameAnalyzer} 49 * {@link GolangDepAnalyzer} 50 * {@link GolangModAnalyzer} 51 * {@link JarAnalyzer} 52 * {@link LibmanAnalyzer} 53 * {@link MSBuildProjectAnalyzer} 54 * {@link NexusAnalyzer} 55 * {@link NodeAuditAnalyzer} 56 * {@link NugetconfAnalyzer} 57 * {@link NuspecAnalyzer} 58 * {@link OpenSSLAnalyzer} 59 * {@link PinnedMavenInstallAnalyzer} 60 * {@link PipAnalyzer} 61 * {@link PipfileAnalyzer} 62 * {@link PipfilelockAnalyzer} 63 * {@link PoetryAnalyzer} 64 * {@link PythonDistributionAnalyzer} 65 * {@link PythonPackageAnalyzer} 66 * {@link RubyGemspecAnalyzer} 67 * {@link RubyBundlerAnalyzer} 68 * {@link SwiftPackageManagerAnalyzer} 69 * {@link SwiftPackageResolvedAnalyzer} 70 */ 71 INFORMATION_COLLECTION, 72 /** 73 * Information collection phase 2. 74 * @implNote Bound analyzers are 75 * {@link PEAnalyzer} 76 */ 77 INFORMATION_COLLECTION2, 78 /** 79 * Post information collection phase 1. 80 * @implNote Bound analyzers are 81 * {@link DependencyMergingAnalyzer} 82 */ 83 POST_INFORMATION_COLLECTION1, 84 /** 85 * Post information collection phase 2. 86 * @implNote Bound analyzers are 87 * {@link HintAnalyzer} (must run before {@link VersionFilterAnalyzer}, should run after {@link DependencyMergingAnalyzer}) 88 */ 89 POST_INFORMATION_COLLECTION2, 90 /** 91 * Post information collection phase 3. 92 * @implNote Bound analyzers are 93 * {@link VersionFilterAnalyzer} 94 */ 95 POST_INFORMATION_COLLECTION3, 96 /** 97 * Pre identifier analysis phase. 98 * @implNote Bound analyzers are 99 * {@link NpmCPEAnalyzer} (must run in a separate phase from {@link CPEAnalyzer} due to singleton re-use) 100 */ 101 PRE_IDENTIFIER_ANALYSIS, 102 /** 103 * Identifier analysis phase. 104 * @implNote Bound analyzers are 105 * {@link CPEAnalyzer} 106 */ 107 IDENTIFIER_ANALYSIS, 108 /** 109 * Post identifier analysis phase. 110 * @implNote Bound analyzers are 111 * {@link CpeSuppressionAnalyzer} 112 * {@link FalsePositiveAnalyzer} 113 */ 114 POST_IDENTIFIER_ANALYSIS, 115 /** 116 * Pre finding analysis phase. 117 * @implNote No analyzers bound to this phase 118 */ 119 PRE_FINDING_ANALYSIS, 120 /** 121 * Finding analysis phase. 122 * @implNote Bound analyzers are 123 * {@link NodeAuditAnalyzer} 124 * {@link NvdCveAnalyzer} 125 * {@link PnpmAuditAnalyzer} 126 * {@link RetireJsAnalyzer} 127 * {@link YarnAuditAnalyzer} 128 * 129 */ 130 FINDING_ANALYSIS, 131 /** 132 * Finding analysis phase 2. 133 * @implNote Bound analyzers are 134 * {@link OssIndexAnalyzer} 135 */ 136 FINDING_ANALYSIS_PHASE2, 137 /** 138 * Post analysis phase. 139 * @implNote Bound analyzers are 140 * {@link KnownExploitedVulnerabilityAnalyzer} 141 * {@link VulnerabilitySuppressionAnalyzer} 142 */ 143 POST_FINDING_ANALYSIS, 144 /** 145 * The final analysis phase. 146 * @implNote Bound analyzers are 147 * {@link DependencyBundlingAnalyzer} 148 * {@link UnusedSuppressionRuleAnalyzer} 149 */ 150 FINAL 151 }