

Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining whether there is a Common Platform Enumeration (CPE) identifier for a given dependency. If one is found, it generates a report linking to the associated CVE entries.

Documentation and links to production binary releases can be found on the GitHub pages. Additionally, more information about the architecture and ways to extend dependency-check can be found on the wiki.

8.0.0 Upgrade Notice

8.0.0 contains breaking changes which require updates to the database. When using the embedded H2 database the schema should be upgraded automatically. If using an externally hosted database the schema will need to be updated manually. If issues arise you may need to purge the database:

OWASP dependency-check requires access to several externally hosted resources. For more information see Internet Access Required.

In order to analyze some technology stacks dependency-check may require other development tools to be installed. Some of the analyzers listed below may be experimental and require the experimental analyzers to be enabled.

- To analyze .NET assemblies the dotnet 6 runtime or SDK must be installed. Assemblies targeting other runtimes can be analyzed, but dotnet 6 is required to run the analysis.
- If analyzing GoLang projects, go must be installed.
- The analysis of Elixir projects requires mix_audit.
- The analysis of npm, pnpm, and yarn projects requires npm, pnpm, or yarn to be installed.
- The analysis of Ruby projects is a wrapper around bundle-audit, which must be installed.

The analyses performed use the respective audit feature of each of these tools, so a missing tool means that ecosystem is silently analyzed less thoroughly, or not at all.

For instructions on the use of the Jenkins plugin please see the OWASP Dependency-Check Plugin page.
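Because each ecosystem above is analyzed by shelling out to its own audit tool, a scan run on a machine without that tool quietly covers less than you think. The pre-flight script below is an added example, not part of the dependency-check project: it detects which ecosystems are present in a project directory from marker files and reports which of the required tools are missing from PATH. The marker files used for detection (package.json, lock files, go.mod, mix.exs, Gemfile.lock, .NET project and assembly files) and the binary names checked (`dotnet`, `go`, `mix`, `npm`/`pnpm`/`yarn`, `bundle-audit`) are the script's own assumptions, not something the page specifies.

```shell
#!/bin/sh
# preflight.sh: list the external tools dependency-check needs for the
# ecosystems present in a project directory and report any that are missing.
# Added example; not part of the dependency-check project.
# Assumption: the marker files below identify each ecosystem, and the binary
# names echoed are what must be found on PATH for that analyzer to work.

# Print, one per line, the tools required for the project directory in $1.
required_tools() {
    dir=$1
    # .NET: any assembly or project file -> dotnet 6 runtime or SDK
    if ls "$dir"/*.dll "$dir"/*.exe "$dir"/*.csproj >/dev/null 2>&1; then
        echo dotnet
    fi
    # Go modules -> go
    [ -f "$dir/go.mod" ] && echo go
    # Elixir -> mix (with the mix_audit package installed in the project)
    [ -f "$dir/mix.exs" ] && echo mix
    # Node: choose the package manager from the lock file present; npm otherwise
    if [ -f "$dir/pnpm-lock.yaml" ]; then
        echo pnpm
    elif [ -f "$dir/yarn.lock" ]; then
        echo yarn
    elif [ -f "$dir/package.json" ]; then
        echo npm
    fi
    # Ruby -> bundle-audit
    [ -f "$dir/Gemfile.lock" ] && echo bundle-audit
    return 0
}

# Print the required tools that are not on PATH; return 1 if any are missing.
missing_tools() {
    missing=0
    for tool in $(required_tools "$1"); do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "$tool"
            missing=1
        fi
    done
    return $missing
}

# Usage: ./preflight.sh /path/to/project
if [ -n "$1" ]; then
    if missing_tools "$1"; then
        echo "all tools required for this project are installed"
    else
        echo "install the tools listed above before running dependency-check" >&2
        exit 1
    fi
fi
```

Run it as a gate in CI before the scan step, so that a build agent missing, say, `bundle-audit` fails loudly instead of producing a report that never looked at the Ruby dependencies. The lock-file precedence for Node (pnpm, then yarn, then npm) is a convention chosen here; adjust it to match how the project is actually built.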
