| Package | Description |
|---|---|
| org.owasp.dependencycheck | Includes the main entry point for dependency-check. |
| org.owasp.dependencycheck.agent | The agent package holds an agent API that can be used by other applications that have information about dependencies but would rather implement something in their code directly than spawn a process to run the entire dependency-check engine. |
| org.owasp.dependencycheck.analyzer | Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies. |
| org.owasp.dependencycheck.data.update | Contains classes used to update the data stores. The UpdateService will load any correctly defined CachedWebDataSource(s) and call update() on them. |
| org.owasp.dependencycheck.utils | Includes various utility classes such as a Settings wrapper, a Checksum utility, etc. |

| Constructor and Description |
|---|
| `AnalysisTask(Analyzer analyzer, Dependency dependency, Engine engine, List<Throwable> exceptions)` Creates a new analysis task. |

| Modifier and Type | Method and Description |
|---|---|
| `Engine` | `DependencyCheckScanAgent.execute()` Executes the dependency-check and generates the report. |

| Modifier and Type | Method and Description |
|---|---|
| `void` | `AbstractAnalyzer.analyze(Dependency dependency, Engine engine)` Analyzes a given dependency. |
| `void` | `Analyzer.analyze(Dependency dependency, Engine engine)` Analyzes the given dependency. |
| `void` | `JarAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE information. |
| `void` | `NexusAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `FileNameAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Collects information about the file name. |
| `protected void` | `AbstractDependencyComparingAnalyzer.analyzeDependency(Dependency ignore, Engine engine)` Analyzes a set of dependencies. |
| `protected void` | `NodeAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `CMakeAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes python packages and adds evidence to the dependency. |
| `void` | `ArtifactoryAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `ElixirMixAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Determines if the analyzer can analyze the given file type. |
| `void` | `ArchiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a given dependency. |
| `protected void` | `OpenSSLAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes python packages and adds evidence to the dependency. |
| `protected void` | `RubyBundleAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Determines if the analyzer can analyze the given file type. |
| `protected void` | `AutoconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `VersionFilterAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities. |
| `protected void` | `RubyBundlerAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `CocoaPodsAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `FalsePositiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes the dependencies and removes bad/incorrect CPE associations based on various heuristics. |
| `void` | `CentralAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `ComposerLockAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Entry point for the analyzer. |
| `void` | `NuspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `MSBuildProjectAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `PythonDistributionAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `OssIndexAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `PipAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `SwiftPackageManagerAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `NvdCveAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| `protected void` | `CPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| `protected abstract void` | `AbstractAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a given dependency. |
| `void` | `NugetconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis. |
| `protected void` | `NpmCPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency. |
| `protected void` | `AbstractSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `HintAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities. |
| `protected void` | `PEAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Collects information about the file name. |
| `protected void` | `GolangDepAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes go packages and adds evidence to the dependency. |
| `protected void` | `NodePackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `GolangModAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes go packages and adds evidence to the dependency. |
| `void` | `RetireJsAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes the specified JavaScript file. |
| `void` | `AssemblyAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Performs the analysis on a single Dependency. |
| `protected void` | `RubyGemspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` |
| `protected void` | `PythonPackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine)` Analyzes python packages and adds evidence to the dependency. |
| `protected boolean` | `JarAnalyzer.analyzePOM(Dependency dependency, List<JarAnalyzer.ClassNameInformation> classes, Engine engine)` Attempts to find a pom.xml within the JAR file. |
| `protected Dependency` | `AbstractNpmAnalyzer.findDependency(Engine engine, String name, String version)` Locates the dependency from the list of dependencies that have been scanned by the engine. |
| `void` | `AbstractAnalyzer.prepare(Engine engine)` Initialize the abstract analyzer. |
| `void` | `Analyzer.prepare(Engine engine)` The prepare method is called (once) prior to the analyze method being called on all of the dependencies. |
| `protected void` | `AbstractFileTypeAnalyzer.prepareAnalyzer(Engine engine)` Initializes the analyzer. |
| `void` | `CPEAnalyzer.prepareAnalyzer(Engine engine)` Creates the CPE Lucene Index. |
| `protected void` | `AbstractAnalyzer.prepareAnalyzer(Engine engine)` Prepares a given Analyzer. |
| `void` | `AbstractSuppressionAnalyzer.prepareAnalyzer(Engine engine)` The prepare method loads the suppression XML file. |
| `void` | `HintAnalyzer.prepareAnalyzer(Engine engine)` The prepare method does nothing for this Analyzer. |
| `void` | `JarAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the JarAnalyzer. |
| `protected abstract void` | `AbstractFileTypeAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Prepares the file type analyzer for dependency analysis. |
| `void` | `NexusAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer once before any analysis is performed. |
| `void` | `NodeAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer once before any analysis is performed. |
| `protected void` | `CMakeAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer. |
| `void` | `ArtifactoryAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer once before any analysis is performed. |
| `protected void` | `ElixirMixAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine)` |
| `void` | `ArchiveAnalyzer.prepareFileTypeAnalyzer(Engine engine)` The prepare method does nothing for this Analyzer. |
| `protected void` | `OpenSSLAnalyzer.prepareFileTypeAnalyzer(Engine engine)` No-op initializer implementation. |
| `void` | `RubyBundleAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initialize the analyzer. |
| `protected void` | `AutoconfAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the file type analyzer. |
| `protected void` | `CocoaPodsAnalyzer.prepareFileTypeAnalyzer(Engine engine)` |
| `void` | `CentralAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer once before any analysis is performed. |
| `protected void` | `ComposerLockAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer. |
| `void` | `NuspecAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer once before any analysis is performed. |
| `protected void` | `MSBuildProjectAnalyzer.prepareFileTypeAnalyzer(Engine engine)` |
| `protected void` | `PythonDistributionAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Makes sure a usable temporary directory is available. |
| `protected void` | `PipAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the file type analyzer. |
| `protected void` | `SwiftPackageManagerAnalyzer.prepareFileTypeAnalyzer(Engine engine)` |
| `void` | `NugetconfAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initializes the analyzer once before any analysis is performed. |
| `protected void` | `PEAnalyzer.prepareFileTypeAnalyzer(Engine engine)` |
| `protected void` | `GolangDepAnalyzer.prepareFileTypeAnalyzer(Engine engine)` No-op initializer implementation. |
| `protected void` | `NodePackageAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Performs validation on the configuration to ensure that the correct analyzers are in place. |
| `protected void` | `GolangModAnalyzer.prepareFileTypeAnalyzer(Engine engine)` No-op initializer implementation. |
| `protected void` | `RetireJsAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Prepares the file type analyzer for dependency analysis. |
| `void` | `AssemblyAnalyzer.prepareFileTypeAnalyzer(Engine engine)` Initialize the analyzer. |
| `protected void` | `RubyGemspecAnalyzer.prepareFileTypeAnalyzer(Engine engine)` |
| `protected void` | `PythonPackageAnalyzer.prepareFileTypeAnalyzer(Engine engine)` No-op initializer implementation. |
| `protected void` | `AbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, javax.json.JsonArray jsonArray, String depType)` Processes a part of package.json (as defined by JsonArray) and updates the specified dependency with relevant info. |
| `protected void` | `AbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, javax.json.JsonObject jsonObject, String depType)` Processes a part of package.json (as defined by JsonObject) and updates the specified dependency with relevant info. |

| Modifier and Type | Method and Description |
|---|---|
| `boolean` | `NvdCveUpdater.purge(Engine engine)` |
| `boolean` | `CachedWebDataSource.purge(Engine engine)` Deletes any locally cached data. |
| `boolean` | `EngineVersionCheck.purge(Engine engine)` |
| `boolean` | `RetireJSDataSource.purge(Engine engine)` |
| `boolean` | `NvdCveUpdater.update(Engine engine)` Downloads the latest NVD CVE XML file from the web and imports it into the current CVE Database. |
| `boolean` | `CachedWebDataSource.update(Engine engine)` Determines if an update to the current data store is needed; if it is, the new data is downloaded from the Internet and imported into the current cached data store. |
| `boolean` | `EngineVersionCheck.update(Engine engine)` Downloads the current released version number and compares it to the running engine's version number. |
| `boolean` | `RetireJSDataSource.update(Engine engine)` Downloads the current RetireJS data source. |

| Modifier and Type | Method and Description |
|---|---|
| `static void` | `ExtractionUtil.extractFiles(File archive, File extractTo, Engine engine)` Extracts the contents of an archive into the specified directory. |

Copyright © 2012–2020 OWASP. All rights reserved.