GitHub - dancornell/DependencyCheck: DependencyCheck is a utility that attempts to detect publically disclosed vulnerabilities in project dependencies.

dancornell / DependencyCheck Public

forked from jeremylong/DependencyCheck

Notifications You must be signed in to change notification settings
Fork 0
Star 0

DependencyCheck is a utility that attempts to detect publically disclosed vulnerabilities in project dependencies.

GPL-3.0 license

0 stars 1.2k forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
src		src
.gitignore		.gitignore
LICENSE.txt		LICENSE.txt
NOTICES.txt		NOTICES.txt
README.txt		README.txt
pom.xml		pom.xml

Repository files navigation

About:
DependencyCheck is a utility that attempts to detect publically disclosed
vulnerabilities contained within project dependencies. It does this by determining
if there is a Common Platform Enumeration (CPE) identifier for a given dependency. 
If found, it will generate a report linking to the associated CVE entries. 

Usage:
$ mvn package
$ cd target
$ java -jar dependencycheck-0.1.1.jar -h
$ java -jar DependencyCheck-0.1.1.jar -a Testing -out . -scan ./test-classes/org.mortbay.jetty.jar -scan struts2-core-2.1.2.jar -scan ./lib


Author: Jeremy Long (jeremy.long@gmail.com)

Copyright (c) 2012 Jeremy Long. All Rights Reserved.