| Interface | Description |
|---|---|
| Analyzer | An interface that defines an Analyzer that is used to identify Dependencies. |
| FileTypeAnalyzer | An Analyzer that scans specific file types. |

| Class | Description |
|---|---|
| AbstractAnalyzer | Base class for analyzers to avoid code duplication of prepare and close as most analyzers do not need these methods. |
| AbstractDependencyComparingAnalyzer | This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped. |
| AbstractFileTypeAnalyzer | The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend. |
| AbstractNpmAnalyzer | An abstract NPM analyzer that contains common methods for concrete implementations. |
| AbstractSuppressionAnalyzer | Abstract base suppression analyzer that contains methods for parsing the suppression XML file. |
| AnalyzerService | The Analyzer Service Loader. |
| ArchiveAnalyzer | An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the dependency list. |
| ArtifactoryAnalyzer | Analyzer which will attempt to locate a dependency, and the GAV information, by querying Artifactory for the dependency's hash digests. |
| AssemblyAnalyzer | Analyzer for getting company, product, and version information from a .NET assembly. |
| AutoconfAnalyzer | Used to analyze Autoconf input files named configure.ac or configure.in. |
| CentralAnalyzer | Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest. |
| CMakeAnalyzer | Used to analyze CMake build files, and collect information that can be used to determine the associated CPE. |
| CocoaPodsAnalyzer | This analyzer is used to analyze Swift and Objective-C packages by collecting information from .podspec files. |
| ComposerLockAnalyzer | Used to analyze a composer.lock file for a composer PHP app. |
| CPEAnalyzer | CPEAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CPE. |
| CpeSuppressionAnalyzer | This is no longer used as a standalone analyzer; rather this is called by the CPE Analyzer directly. |
| DependencyBundlingAnalyzer | This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped. |
| DependencyMergingAnalyzer | This analyzer will merge dependencies, created from different sources, into a single dependency. |
| ElixirMixAuditAnalyzer | |
| FalsePositiveAnalyzer | This analyzer attempts to remove some well-known false positives - specifically regarding the Java runtime. |
| FileNameAnalyzer | Takes a dependency and analyzes the filename and determines the hashes. |
| GolangDepAnalyzer | Go lang dependency analyzer. |
| GolangModAnalyzer | Go mod dependency analyzer. |
| HintAnalyzer | This analyzer adds evidence to dependencies to enhance the accuracy of library identification. |
| JarAnalyzer | Used to load a JAR file and collect information that can be used to determine the associated CPE. |
| JarAnalyzer.ClassNameInformation | Stores information about a class name. |
| MSBuildProjectAnalyzer | Analyzes MS Project files for dependencies. |
| NexusAnalyzer | Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency. |
| NodeAuditAnalyzer | Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API. |
| NodePackageAnalyzer | Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the associated CPE. |
| NpmCPEAnalyzer | NpmCPEAnalyzer takes a project dependency and attempts to discern if there is an associated CPE. |
| NugetconfAnalyzer | Analyzer which parses a NuGet packages.config file to gather module information. |
| NuspecAnalyzer | Analyzer which will parse a Nuspec file to gather module information. |
| NvdCveAnalyzer | NvdCveAnalyzer is a utility class that takes a project dependency and attempts to discern if there are associated CVEs. |
| OpenSSLAnalyzer | Used to analyze OpenSSL source code present in the file system. |
| OssIndexAnalyzer | Enrich dependency information from Sonatype OSS index. |
| PEAnalyzer | Takes a dependency and analyzes the PE header for metadata that can be used to identify the library. |
| PipAnalyzer | Used to analyze pip dependency files named requirements.txt. |
| PythonDistributionAnalyzer | Used to analyze Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used to determine the associated CPE. |
| PythonPackageAnalyzer | Used to analyze a Python package, and collect information that can be used to determine the associated CPE. |
| RetireJsAnalyzer | The RetireJS analyzer uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components. |
| RubyBundleAuditAnalyzer | Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool. |
| RubyBundlerAnalyzer | This analyzer accepts the fully resolved .gemspec created by the Ruby bundler (http://bundler.io) for better evidence results. |
| RubyGemspecAnalyzer | Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE. |
| SwiftPackageManagerAnalyzer | This analyzer is used to analyze the Swift Package Manager (https://swift.org/package-manager/). |
| VersionFilterAnalyzer | This analyzer attempts to filter out erroneous version numbers collected. |
| VulnerabilitySuppressionAnalyzer | The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema. |

| Enum | Description |
|---|---|
| AnalysisPhase | An enumeration defining the phases of analysis. |

| Annotation Type | Description |
|---|---|
| Experimental | Annotation used to flag an analyzer as experimental. |
| Retired | Annotation used to flag an analyzer as retired. |

Copyright © 2012–2020 OWASP. All rights reserved.