├── .gitattributes
├── .github
├── FUNDING.yml
├── ISSUE_TEMPLATE
│ ├── ask-a-question.md
│ ├── bug_report.md
│ ├── false-positive-report.yml
│ └── feature_request.md
├── boring-cyborg.yml
├── contributing.md
├── dependabot.yml
├── pull_request_template.md
└── workflows
│ ├── build.yml
│ ├── codeql-analysis.yml
│ ├── coverity.yml
│ ├── false-positive-approvals.yml
│ ├── false-positive-cleanup.yml
│ ├── false-positive-ops.yml
│ ├── files
│ ├── maven-pom.end
│ ├── maven-pom.middle
│ └── maven-pom.start
│ ├── lint-pr.yml
│ ├── lock.yml
│ ├── publish-suppressions.yml
│ ├── pull_requests.yml
│ ├── purge-cache.yml
│ └── release.yml
├── .gitignore
├── .java-version
├── CHANGELOG.md
├── Dockerfile
├── LICENSE.txt
├── NOTICE.txt
├── README.md
├── SECURITY.md
├── ant
├── LICENSE.txt
├── NOTICE.txt
├── README.md
├── pom.xml
└── src
│ ├── main
│ ├── assembly
│ │ └── release.xml
│ ├── java
│ │ └── org
│ │ │ ├── owasp
│ │ │ └── dependencycheck
│ │ │ │ ├── ant
│ │ │ │ └── logging
│ │ │ │ │ ├── AntLoggerAdapter.java
│ │ │ │ │ ├── AntLoggerFactory.java
│ │ │ │ │ └── package-info.java
│ │ │ │ └── taskdefs
│ │ │ │ ├── Check.java
│ │ │ │ ├── Purge.java
│ │ │ │ ├── RetirejsFilter.java
│ │ │ │ ├── SuppressionFile.java
│ │ │ │ ├── Update.java
│ │ │ │ └── package-info.java
│ │ │ └── slf4j
│ │ │ └── impl
│ │ │ ├── StaticLoggerBinder.java
│ │ │ └── package-info.java
│ └── resources
│ │ ├── META-INF
│ │ └── licenses
│ │ │ └── ant
│ │ │ └── LICENSE.txt
│ │ ├── dependency-check-taskdefs.properties
│ │ └── task.properties
│ ├── site
│ ├── markdown
│ │ ├── config-purge.md
│ │ ├── config-update.md
│ │ ├── configuration.md
│ │ └── index.md.vm
│ ├── resources
│ │ └── images
│ │ │ └── dc-ant.svg
│ └── site.xml
│ └── test
│ ├── java
│ └── org
│ │ └── owasp
│ │ └── dependencycheck
│ │ └── taskdefs
│ │ └── DependencyCheckTaskIT.java
│ └── resources
│ ├── build.xml
│ ├── test-suppression.xml
│ ├── test-suppression1.xml
│ └── test-suppression2.xml
├── archetype
├── pom.xml
└── src
│ ├── main
│ └── resources
│ │ ├── META-INF
│ │ └── maven
│ │ │ └── archetype-metadata.xml
│ │ └── archetype-resources
│ │ ├── pom.xml
│ │ └── src
│ │ ├── main
│ │ ├── java
│ │ │ └── __analyzerName__.java
│ │ └── resources
│ │ │ └── META-INF
│ │ │ └── services
│ │ │ ├── org.owasp.dependencycheck.analyzer.Analyzer
│ │ │ └── org.owasp.dependencycheck.data.update.CachedWebDataSource
│ │ └── test
│ │ ├── java
│ │ └── __analyzerName__Test.java
│ │ └── resources
│ │ └── test.file
│ └── site
│ ├── markdown
│ └── index.md.vm
│ ├── resources
│ └── images
│ │ └── dc.svg
│ └── site.xml
├── build-docker.sh
├── cli
├── LICENSE.txt
├── NOTICE.txt
├── README.md
├── pom.xml
└── src
│ ├── main
│ ├── assembly
│ │ ├── license.txt
│ │ └── release.xml
│ ├── conf
│ │ └── unixBinTemplate
│ ├── java
│ │ └── org
│ │ │ └── owasp
│ │ │ └── dependencycheck
│ │ │ ├── App.java
│ │ │ ├── CliParser.java
│ │ │ └── package-info.java
│ └── resources
│ │ ├── META-INF
│ │ └── licenses
│ │ │ └── commons-cli
│ │ │ └── LICENSE.txt
│ │ ├── completion-for-dependency-check.sh
│ │ └── logback.xml
│ ├── site
│ ├── markdown
│ │ ├── arguments.md
│ │ └── index.md.vm
│ ├── resources
│ │ └── images
│ │ │ └── dc-cli.svg
│ └── site.xml
│ └── test
│ ├── java
│ └── org
│ │ └── owasp
│ │ └── dependencycheck
│ │ ├── AppTest.java
│ │ ├── BaseTest.java
│ │ └── CliParserTest.java
│ └── resources
│ ├── checkSumTest.file
│ ├── sample.properties
│ └── sample2.properties
├── core
├── LICENSE.txt
├── NOTICE.txt
├── README.md
├── pom.xml
└── src
│ ├── main
│ ├── doc
│ │ └── schema
│ │ │ └── nvdcve
│ │ │ └── json
│ │ │ ├── CVE_JSON_4.0_min_1.1.schema
│ │ │ ├── cvss-v2.0.json
│ │ │ ├── cvss-v3.x.json
│ │ │ └── nvd_cve_feed_json_1.1.schema
│ ├── java
│ │ └── org
│ │ │ └── owasp
│ │ │ └── dependencycheck
│ │ │ ├── AnalysisTask.java
│ │ │ ├── Engine.java
│ │ │ ├── agent
│ │ │ ├── DependencyCheckScanAgent.java
│ │ │ └── package-info.java
│ │ │ ├── analyzer
│ │ │ ├── AbstractAnalyzer.java
│ │ │ ├── AbstractDependencyComparingAnalyzer.java
│ │ │ ├── AbstractFileTypeAnalyzer.java
│ │ │ ├── AbstractNpmAnalyzer.java
│ │ │ ├── AbstractSuppressionAnalyzer.java
│ │ │ ├── AnalysisPhase.java
│ │ │ ├── Analyzer.java
│ │ │ ├── AnalyzerService.java
│ │ │ ├── ArchiveAnalyzer.java
│ │ │ ├── ArtifactoryAnalyzer.java
│ │ │ ├── AssemblyAnalyzer.java
│ │ │ ├── AutoconfAnalyzer.java
│ │ │ ├── CMakeAnalyzer.java
│ │ │ ├── CPEAnalyzer.java
│ │ │ ├── CarthageAnalyzer.java
│ │ │ ├── CentralAnalyzer.java
│ │ │ ├── CocoaPodsAnalyzer.java
│ │ │ ├── ComposerLockAnalyzer.java
│ │ │ ├── CpeSuppressionAnalyzer.java
│ │ │ ├── DartAnalyzer.java
│ │ │ ├── DependencyBundlingAnalyzer.java
│ │ │ ├── DependencyMergingAnalyzer.java
│ │ │ ├── ElixirMixAuditAnalyzer.java
│ │ │ ├── Experimental.java
│ │ │ ├── FalsePositiveAnalyzer.java
│ │ │ ├── FileNameAnalyzer.java
│ │ │ ├── FileTypeAnalyzer.java
│ │ │ ├── GolangDepAnalyzer.java
│ │ │ ├── GolangModAnalyzer.java
│ │ │ ├── HintAnalyzer.java
│ │ │ ├── JarAnalyzer.java
│ │ │ ├── KnownExploitedVulnerabilityAnalyzer.java
│ │ │ ├── LibmanAnalyzer.java
│ │ │ ├── MSBuildProjectAnalyzer.java
│ │ │ ├── NexusAnalyzer.java
│ │ │ ├── NodeAuditAnalyzer.java
│ │ │ ├── NodePackageAnalyzer.java
│ │ │ ├── NpmCPEAnalyzer.java
│ │ │ ├── NugetconfAnalyzer.java
│ │ │ ├── NuspecAnalyzer.java
│ │ │ ├── NvdCveAnalyzer.java
│ │ │ ├── OpenSSLAnalyzer.java
│ │ │ ├── OssIndexAnalyzer.java
│ │ │ ├── PEAnalyzer.java
│ │ │ ├── PerlCpanfileAnalyzer.java
│ │ │ ├── PinnedMavenInstallAnalyzer.java
│ │ │ ├── PipAnalyzer.java
│ │ │ ├── PipfileAnalyzer.java
│ │ │ ├── PipfilelockAnalyzer.java
│ │ │ ├── PnpmAuditAnalyzer.java
│ │ │ ├── PoetryAnalyzer.java
│ │ │ ├── PythonDistributionAnalyzer.java
│ │ │ ├── PythonPackageAnalyzer.java
│ │ │ ├── RetireJsAnalyzer.java
│ │ │ ├── Retired.java
│ │ │ ├── RubyBundleAuditAnalyzer.java
│ │ │ ├── RubyBundlerAnalyzer.java
│ │ │ ├── RubyGemspecAnalyzer.java
│ │ │ ├── SwiftPackageManagerAnalyzer.java
│ │ │ ├── SwiftPackageResolvedAnalyzer.java
│ │ │ ├── UnusedSuppressionRuleAnalyzer.java
│ │ │ ├── VersionFilterAnalyzer.java
│ │ │ ├── VulnerabilitySuppressionAnalyzer.java
│ │ │ ├── YarnAuditAnalyzer.java
│ │ │ ├── exception
│ │ │ │ ├── AnalysisException.java
│ │ │ │ ├── ArchiveExtractionException.java
│ │ │ │ ├── LambdaExceptionWrapper.java
│ │ │ │ ├── SearchException.java
│ │ │ │ ├── UnexpectedAnalysisException.java
│ │ │ │ └── package-info.java
│ │ │ └── package-info.java
│ │ │ ├── data
│ │ │ ├── artifactory
│ │ │ │ ├── ArtifactorySearch.java
│ │ │ │ ├── ArtifactorySearchResponseHandler.java
│ │ │ │ ├── ChecksumsImpl.java
│ │ │ │ ├── FileImpl.java
│ │ │ │ ├── ItemImpl.java
│ │ │ │ └── package-info.java
│ │ │ ├── cache
│ │ │ │ ├── DataCache.java
│ │ │ │ ├── DataCacheFactory.java
│ │ │ │ └── package-info.java
│ │ │ ├── central
│ │ │ │ ├── CentralSearch.java
│ │ │ │ └── package-info.java
│ │ │ ├── composer
│ │ │ │ ├── ComposerDependency.java
│ │ │ │ ├── ComposerException.java
│ │ │ │ ├── ComposerLockParser.java
│ │ │ │ └── package-info.java
│ │ │ ├── cpe
│ │ │ │ ├── AbstractMemoryIndex.java
│ │ │ │ ├── CpeMemoryIndex.java
│ │ │ │ ├── Fields.java
│ │ │ │ ├── IndexEntry.java
│ │ │ │ ├── IndexException.java
│ │ │ │ ├── MemoryIndex.java
│ │ │ │ ├── NpmCpeMemoryIndex.java
│ │ │ │ └── package-info.java
│ │ │ ├── cwe
│ │ │ │ ├── App.java
│ │ │ │ ├── CweDB.java
│ │ │ │ ├── CweHandler.java
│ │ │ │ └── package-info.java
│ │ │ ├── elixir
│ │ │ │ ├── MixAuditJsonParser.java
│ │ │ │ ├── MixAuditResult.java
│ │ │ │ └── package-info.java
│ │ │ ├── golang
│ │ │ │ ├── GoModDependency.java
│ │ │ │ ├── GoModJsonParser.java
│ │ │ │ └── package-info.java
│ │ │ ├── lucene
│ │ │ │ ├── AbstractTokenizingFilter.java
│ │ │ │ ├── AlphaNumericFilter.java
│ │ │ │ ├── DependencySimilarity.java
│ │ │ │ ├── LuceneUtils.java
│ │ │ │ ├── SearchFieldAnalyzer.java
│ │ │ │ ├── TokenPairConcatenatingFilter.java
│ │ │ │ ├── UrlTokenizingFilter.java
│ │ │ │ └── package-info.java
│ │ │ ├── nexus
│ │ │ │ ├── MavenArtifact.java
│ │ │ │ ├── NexusSearch.java
│ │ │ │ ├── NexusV2Search.java
│ │ │ │ ├── NexusV3Search.java
│ │ │ │ └── package-info.java
│ │ │ ├── nodeaudit
│ │ │ │ ├── Advisory.java
│ │ │ │ ├── NodeAuditSearch.java
│ │ │ │ ├── NpmAuditParser.java
│ │ │ │ ├── NpmPayloadBuilder.java
│ │ │ │ └── package-info.java
│ │ │ ├── nuget
│ │ │ │ ├── DirectoryBuildPropsParser.java
│ │ │ │ ├── DirectoryPackagesPropsParser.java
│ │ │ │ ├── MSBuildProjectParseException.java
│ │ │ │ ├── NugetPackage.java
│ │ │ │ ├── NugetPackageReference.java
│ │ │ │ ├── NugetconfParseException.java
│ │ │ │ ├── NuspecParseException.java
│ │ │ │ ├── XPathMSBuildProjectParser.java
│ │ │ │ ├── XPathNugetconfParser.java
│ │ │ │ ├── XPathNuspecParser.java
│ │ │ │ └── package-info.java
│ │ │ ├── nvd
│ │ │ │ └── ecosystem
│ │ │ │ │ ├── CveEcosystemMapper.java
│ │ │ │ │ ├── DescriptionEcosystemMapper.java
│ │ │ │ │ ├── DescriptionKeywordHint.java
│ │ │ │ │ ├── Ecosystem.java
│ │ │ │ │ ├── EcosystemHint.java
│ │ │ │ │ ├── EcosystemHintNature.java
│ │ │ │ │ ├── FileExtensionHint.java
│ │ │ │ │ ├── StringAhoCorasickDoubleArrayTrie.java
│ │ │ │ │ ├── UrlEcosystemMapper.java
│ │ │ │ │ ├── UrlHostHint.java
│ │ │ │ │ ├── UrlPathHint.java
│ │ │ │ │ └── package-info.java
│ │ │ ├── nvdcve
│ │ │ │ ├── CorruptDatabaseException.java
│ │ │ │ ├── CveDB.java
│ │ │ │ ├── CveItemOperator.java
│ │ │ │ ├── DatabaseException.java
│ │ │ │ ├── DatabaseManager.java
│ │ │ │ ├── DatabaseProperties.java
│ │ │ │ ├── DriverLoadException.java
│ │ │ │ ├── DriverLoader.java
│ │ │ │ ├── DriverShim.java
│ │ │ │ ├── H2Functions.java
│ │ │ │ └── package-info.java
│ │ │ ├── ossindex
│ │ │ │ ├── ODCConnectionTransport.java
│ │ │ │ ├── OssindexClientFactory.java
│ │ │ │ └── package-info.java
│ │ │ └── update
│ │ │ │ ├── CachedWebDataSource.java
│ │ │ │ ├── EngineVersionCheck.java
│ │ │ │ ├── HostedSuppressionsDataSource.java
│ │ │ │ ├── KnownExploitedDataSource.java
│ │ │ │ ├── LocalDataSource.java
│ │ │ │ ├── NvdApiDataSource.java
│ │ │ │ ├── RetireJSDataSource.java
│ │ │ │ ├── UpdateService.java
│ │ │ │ ├── cisa
│ │ │ │ ├── KnownExploitedVulnerabilityParser.java
│ │ │ │ └── package-info.java
│ │ │ │ ├── cpe
│ │ │ │ ├── CpeEcosystemCache.java
│ │ │ │ ├── CpePlus.java
│ │ │ │ └── package-info.java
│ │ │ │ ├── exception
│ │ │ │ ├── CorruptedDatastreamException.java
│ │ │ │ ├── InvalidDataException.java
│ │ │ │ ├── UpdateException.java
│ │ │ │ └── package-info.java
│ │ │ │ ├── nvd
│ │ │ │ └── api
│ │ │ │ │ ├── CveApiJson20CveItemSource.java
│ │ │ │ │ ├── CveItemSource.java
│ │ │ │ │ ├── DownloadTask.java
│ │ │ │ │ ├── JsonArrayCveItemSource.java
│ │ │ │ │ ├── NvdApiProcessor.java
│ │ │ │ │ └── package-info.java
│ │ │ │ └── package-info.java
│ │ │ ├── dependency
│ │ │ ├── Confidence.java
│ │ │ ├── CweSet.java
│ │ │ ├── Dependency.java
│ │ │ ├── Evidence.java
│ │ │ ├── EvidenceCollection.java
│ │ │ ├── EvidenceType.java
│ │ │ ├── IncludedByReference.java
│ │ │ ├── Reference.java
│ │ │ ├── Vulnerability.java
│ │ │ ├── VulnerableSoftware.java
│ │ │ ├── VulnerableSoftwareBuilder.java
│ │ │ ├── naming
│ │ │ │ ├── CpeIdentifier.java
│ │ │ │ ├── GenericIdentifier.java
│ │ │ │ ├── Identifier.java
│ │ │ │ ├── PurlIdentifier.java
│ │ │ │ └── package-info.java
│ │ │ └── package-info.java
│ │ │ ├── exception
│ │ │ ├── DependencyNotFoundException.java
│ │ │ ├── ExceptionCollection.java
│ │ │ ├── InitializationException.java
│ │ │ ├── NoDataException.java
│ │ │ ├── ParseException.java
│ │ │ ├── ReportException.java
│ │ │ ├── ScanAgentException.java
│ │ │ ├── WriteLockException.java
│ │ │ └── package-info.java
│ │ │ ├── package-info.java
│ │ │ ├── processing
│ │ │ ├── BundlerAuditProcessor.java
│ │ │ ├── GoModProcessor.java
│ │ │ ├── GrokAssemblyProcessor.java
│ │ │ ├── MixAuditProcessor.java
│ │ │ └── package-info.java
│ │ │ ├── reporting
│ │ │ ├── EscapeTool.java
│ │ │ ├── ReportGenerator.java
│ │ │ ├── ReportTool.java
│ │ │ ├── SarifRule.java
│ │ │ └── package-info.java
│ │ │ ├── utils
│ │ │ ├── CvssUtil.java
│ │ │ ├── DBUtils.java
│ │ │ ├── DateUtil.java
│ │ │ ├── DependencyVersion.java
│ │ │ ├── DependencyVersionUtil.java
│ │ │ ├── ExtractionUtil.java
│ │ │ ├── FileFilterBuilder.java
│ │ │ ├── Filter.java
│ │ │ ├── InterpolationUtil.java
│ │ │ ├── PEParser.java
│ │ │ ├── Pair.java
│ │ │ ├── PyPACoreMetadataParser.java
│ │ │ ├── SeverityUtil.java
│ │ │ ├── UrlStringUtils.java
│ │ │ ├── WriteLock.java
│ │ │ ├── WriteLockCleanupHook.java
│ │ │ ├── WriteLockShutdownHook.java
│ │ │ ├── WriteLockShutdownHookFactory.java
│ │ │ └── package-info.java
│ │ │ └── xml
│ │ │ ├── XmlEntity.java
│ │ │ ├── XmlInputStream.java
│ │ │ ├── assembly
│ │ │ ├── AssemblyData.java
│ │ │ ├── GrokErrorHandler.java
│ │ │ ├── GrokHandler.java
│ │ │ ├── GrokParseException.java
│ │ │ ├── GrokParser.java
│ │ │ └── package-info.java
│ │ │ ├── hints
│ │ │ ├── EvidenceMatcher.java
│ │ │ ├── HintErrorHandler.java
│ │ │ ├── HintHandler.java
│ │ │ ├── HintParseException.java
│ │ │ ├── HintParser.java
│ │ │ ├── HintRule.java
│ │ │ ├── VendorDuplicatingHintRule.java
│ │ │ └── package-info.java
│ │ │ ├── package-info.java
│ │ │ ├── pom
│ │ │ ├── Developer.java
│ │ │ ├── License.java
│ │ │ ├── Model.java
│ │ │ ├── PomHandler.java
│ │ │ ├── PomParseException.java
│ │ │ ├── PomParser.java
│ │ │ ├── PomProjectInputStream.java
│ │ │ ├── PomUtils.java
│ │ │ └── package-info.java
│ │ │ └── suppression
│ │ │ ├── PropertyType.java
│ │ │ ├── SuppressionErrorHandler.java
│ │ │ ├── SuppressionHandler.java
│ │ │ ├── SuppressionParseException.java
│ │ │ ├── SuppressionParser.java
│ │ │ ├── SuppressionRule.java
│ │ │ └── package-info.java
│ └── resources
│ │ ├── GrokAssembly.zip
│ │ ├── META-INF
│ │ ├── licenses
│ │ │ ├── StupidTablePlugin
│ │ │ │ └── LICENSE.txt
│ │ │ ├── commons-compress
│ │ │ │ └── LICENSE.txt
│ │ │ ├── commons-io
│ │ │ │ └── LICENSE.txt
│ │ │ ├── cve
│ │ │ │ └── license.txt
│ │ │ ├── cwe
│ │ │ │ └── license.txt
│ │ │ ├── h2database
│ │ │ │ ├── license.txt
│ │ │ │ └── readme.txt
│ │ │ ├── jquery
│ │ │ │ └── MIT-LICENSE.txt
│ │ │ ├── jsoup
│ │ │ │ └── LICENSE.txt
│ │ │ ├── lucene
│ │ │ │ └── LICENSE.txt
│ │ │ └── velocity
│ │ │ │ └── LICENSE.txt
│ │ └── services
│ │ │ ├── org.owasp.dependencycheck.analyzer.Analyzer
│ │ │ └── org.owasp.dependencycheck.data.update.CachedWebDataSource
│ │ ├── data
│ │ ├── cwe.hashmap.serialized
│ │ ├── dbEcosystemCacheUpdates.sql
│ │ ├── dbStatements.properties
│ │ ├── dbStatements_h2.properties
│ │ ├── dbStatements_mariadb.properties
│ │ ├── dbStatements_microsoft sql server.properties
│ │ ├── dbStatements_mysql.properties
│ │ ├── dbStatements_oracle.properties
│ │ ├── dbStatements_postgresql.properties
│ │ ├── initialize.sql
│ │ ├── initialize_mssql.sql
│ │ ├── initialize_mysql.sql
│ │ ├── initialize_oracle.sql
│ │ ├── initialize_postgres.sql
│ │ ├── upgrade_5.3.sql
│ │ └── upgrade_5.4.sql
│ │ ├── dependencycheck-base-hint.xml
│ │ ├── dependencycheck-base-suppression.xml
│ │ ├── dependencycheck-cache.properties
│ │ ├── dependencycheck.properties
│ │ ├── schema
│ │ ├── dependency-check.1.3.xsd
│ │ ├── dependency-check.1.4.xsd
│ │ ├── dependency-check.1.5.xsd
│ │ ├── dependency-check.1.6.xsd
│ │ ├── dependency-check.1.7.xsd
│ │ ├── dependency-check.1.8.xsd
│ │ ├── dependency-check.2.0.xsd
│ │ ├── dependency-check.2.1.xsd
│ │ ├── dependency-check.2.2.xsd
│ │ ├── dependency-check.2.3.xsd
│ │ ├── dependency-check.2.4.xsd
│ │ ├── dependency-check.2.5.xsd
│ │ ├── dependency-check.3.0.xsd
│ │ ├── dependency-check.3.1.xsd
│ │ ├── dependency-check.4.0.xsd
│ │ ├── dependency-check.4.1.xsd
│ │ ├── dependency-hint.1.0.xsd
│ │ ├── dependency-hint.1.1.xsd
│ │ ├── dependency-hint.1.2.xsd
│ │ ├── dependency-hint.1.3.xsd
│ │ ├── dependency-hint.1.4.xsd
│ │ ├── dependency-suppression.1.1.xsd
│ │ ├── dependency-suppression.1.2.xsd
│ │ ├── dependency-suppression.1.3.xsd
│ │ ├── external
│ │ │ ├── cisa
│ │ │ │ └── known_exploited_vulnerabilities_schema.json
│ │ │ ├── cpe
│ │ │ │ └── cpe-dictionary_2.2.xsd
│ │ │ └── nvd
│ │ │ │ ├── CVE_JSON_4.0_min_1.1.schema
│ │ │ │ ├── cvss-v2.0.json
│ │ │ │ ├── cvss-v3.x.json
│ │ │ │ └── nvd_cve_feed_json_1.1.schema
│ │ ├── grok-assembly.1.0.xsd
│ │ ├── pom
│ │ │ ├── generateBindings.bat
│ │ │ ├── generateBindings.sh
│ │ │ └── maven-v4_0_0.xsd
│ │ └── suppression.xsd
│ │ └── templates
│ │ ├── csvReport.vsl
│ │ ├── gitlabReport.vsl
│ │ ├── htmlReport.vsl
│ │ ├── jenkinsReport.vsl
│ │ ├── jsonReport.vsl
│ │ ├── junitReport.vsl
│ │ ├── sarifReport.vsl
│ │ └── xmlReport.vsl
│ ├── site
│ ├── markdown
│ │ └── index.md
│ ├── resources
│ │ └── images
│ │ │ ├── dc-core.svg
│ │ │ └── readme.txt
│ └── site.xml
│ └── test
│ ├── java
│ └── org
│ │ └── owasp
│ │ └── dependencycheck
│ │ ├── AnalysisTaskTest.java
│ │ ├── BaseDBTestCase.java
│ │ ├── BaseTest.java
│ │ ├── EngineIT.java
│ │ ├── EngineTest.java
│ │ ├── agent
│ │ └── DependencyCheckScanAgentIT.java
│ │ ├── analyzer
│ │ ├── AbstractFileTypeAnalyzerTest.java
│ │ ├── AbstractNpmAnalyzerIT.java
│ │ ├── AbstractSuppressionAnalyzerTest.java
│ │ ├── AnalyzerServiceTest.java
│ │ ├── ArchiveAnalyzerIT.java
│ │ ├── ArchiveAnalyzerTest.java
│ │ ├── AssemblyAnalyzerTest.java
│ │ ├── AutoconfAnalyzerTest.java
│ │ ├── CMakeAnalyzerTest.java
│ │ ├── CPEAnalyzerIT.java
│ │ ├── CPEAnalyzerTest.java
│ │ ├── CentralAnalyzerTest.java
│ │ ├── ComposerLockAnalyzerTest.java
│ │ ├── CpeSuppressionAnalyzerIT.java
│ │ ├── DartAnalyzerTest.java
│ │ ├── DependencyBundlingAnalyzerIT.java
│ │ ├── DependencyBundlingAnalyzerTest.java
│ │ ├── DependencyCheckPropertiesTest.java
│ │ ├── DependencyMergingAnalyzerTest.java
│ │ ├── ElixirMixAuditAnalyzerIT.java
│ │ ├── ElixirMixAuditAnalyzerTest.java
│ │ ├── FalsePositiveAnalyzerTest.java
│ │ ├── FileNameAnalyzerTest.java
│ │ ├── GolangDepAnalyzerTest.java
│ │ ├── GolangModAnalyzerTest.java
│ │ ├── HintAnalyzerTest.java
│ │ ├── JarAnalyzerTest.java
│ │ ├── LibmanAnalyzerTest.java
│ │ ├── MSBuildProjectAnalyzerTest.java
│ │ ├── NodeAuditAnalyzerIT.java
│ │ ├── NodeAuditAnalyzerTest.java
│ │ ├── NodePackageAnalyzerTest.java
│ │ ├── NpmCPEAnalyzerIT.java
│ │ ├── NpmCPEAnalyzerTest.java
│ │ ├── NugetconfAnalyzerTest.java
│ │ ├── NuspecAnalyzerTest.java
│ │ ├── OpenSSLAnalyzerTest.java
│ │ ├── OssIndexAnalyzerTest.java
│ │ ├── PEAnalyzerTest.java
│ │ ├── PerlCpanfileAnalyzerTest.java
│ │ ├── PinnedMavenInstallAnalyzerTest.java
│ │ ├── PipAnalyzerIT.java
│ │ ├── PipAnalyzerTest.java
│ │ ├── PipfileAnalyzerTest.java
│ │ ├── PipfilelockAnalyzerTest.java
│ │ ├── PnpmAuditAnalyzerIT.java
│ │ ├── PnpmAuditAnalyzerTest.java
│ │ ├── PoetryAnalyzerTest.java
│ │ ├── PythonDistributionAnalyzerTest.java
│ │ ├── PythonPackageAnalyzerTest.java
│ │ ├── RetireJsAnalyzerFiltersTest.java
│ │ ├── RetireJsAnalyzerIT.java
│ │ ├── RubyBundleAuditAnalyzerIT.java
│ │ ├── RubyBundlerAnalyzerTest.java
│ │ ├── RubyGemspecAnalyzerTest.java
│ │ ├── SwiftAnalyzersTest.java
│ │ ├── UnusedSuppressionRuleAnalyzerTest.java
│ │ ├── VersionFilterAnalyzerTest.java
│ │ ├── VulnerabilitySuppressionAnalyzerIT.java
│ │ ├── YarnAuditAnalyzerIT.java
│ │ └── YarnAuditAnalyzerTest.java
│ │ ├── data
│ │ ├── artifactory
│ │ │ ├── ArtifactorySearchIT.java
│ │ │ ├── ArtifactorySearchResponseHandlerTest.java
│ │ │ └── ArtifactorySearchTest.java
│ │ ├── cache
│ │ │ └── DataCacheFactoryTest.java
│ │ ├── central
│ │ │ └── CentralSearchTest.java
│ │ ├── composer
│ │ │ └── ComposerLockParserTest.java
│ │ ├── cpe
│ │ │ ├── CpeMemoryIndexTest.java
│ │ │ └── IndexEntryTest.java
│ │ ├── cwe
│ │ │ └── CweDBTest.java
│ │ ├── elixir
│ │ │ └── MixAuditJsonParserTest.java
│ │ ├── golang
│ │ │ └── GoModJsonParserTest.java
│ │ ├── lucene
│ │ │ ├── AlphaNumericFilterTest.java
│ │ │ ├── FieldAnalyzerTest.java
│ │ │ ├── LuceneUtilsTest.java
│ │ │ ├── SearchFieldAnalyzerTest.java
│ │ │ ├── TokenPairConcatenatingFilterTest.java
│ │ │ └── UrlTokenizingFilterTest.java
│ │ ├── nexus
│ │ │ ├── MavenArtifactTest.java
│ │ │ ├── NexusV2SearchTest.java
│ │ │ └── NexusV3SearchTest.java
│ │ ├── nodeaudit
│ │ │ ├── NodeAuditSearchTest.java
│ │ │ └── NpmPayloadBuilderTest.java
│ │ ├── nuget
│ │ │ └── XPathNuspecParserTest.java
│ │ ├── nvd
│ │ │ └── ecosystem
│ │ │ │ ├── CveEcosystemMapperTest.java
│ │ │ │ ├── DescriptionEcosystemMapperTest.java
│ │ │ │ └── UrlEcosystemMapperTest.java
│ │ ├── nvdcve
│ │ │ ├── CveDBIT.java
│ │ │ ├── CveDBMySqlIT.java
│ │ │ ├── CveItemOperatorTest.java
│ │ │ ├── DatabaseManagerTest.java
│ │ │ ├── DatabasePropertiesIT.java
│ │ │ └── DriverLoaderTest.java
│ │ └── update
│ │ │ ├── EngineVersionCheckTest.java
│ │ │ ├── NvdApiDataSourceTest.java
│ │ │ ├── cisa
│ │ │ └── KnownExploitedVulnerabilityParserTest.java
│ │ │ ├── cpe
│ │ │ └── CpeEcosystemCacheTest.java
│ │ │ └── nvd
│ │ │ └── api
│ │ │ └── NvdApiProcessorTest.java
│ │ ├── dependency
│ │ ├── CweSetTest.java
│ │ ├── DependencyTest.java
│ │ ├── EvidenceTest.java
│ │ ├── VulnerabilityTest.java
│ │ └── VulnerableSoftwareTest.java
│ │ ├── reporting
│ │ ├── EscapeToolTest.java
│ │ └── ReportGeneratorIT.java
│ │ ├── resources
│ │ └── DependencyCheckBaseSuppressionTest.java
│ │ ├── utils
│ │ ├── CvssUtilTest.java
│ │ ├── DateUtilTest.java
│ │ ├── DependencyVersionTest.java
│ │ ├── DependencyVersionUtilTest.java
│ │ ├── ExtractionUtilTest.java
│ │ ├── FilterTest.java
│ │ ├── InterpolationUtilTest.java
│ │ ├── PyPACoreMetadataParserTest.java
│ │ ├── SemverTest.java
│ │ ├── SeverityUtilTest.java
│ │ └── UrlStringUtilsTest.java
│ │ └── xml
│ │ ├── XmlEntityTest.java
│ │ ├── XmlInputStreamTest.java
│ │ ├── assembly
│ │ ├── GrokHandlerTest.java
│ │ └── GrokParserTest.java
│ │ ├── hints
│ │ ├── EvidenceMatcherTest.java
│ │ ├── HintHandlerTest.java
│ │ └── HintParserTest.java
│ │ ├── pom
│ │ ├── ModelTest.java
│ │ ├── PomParserTest.java
│ │ ├── PomProjectInputStreamTest.java
│ │ └── PomUtilsTest.java
│ │ └── suppression
│ │ ├── PropertyTypeTest.java
│ │ ├── SuppressionHandlerTest.java
│ │ ├── SuppressionParserTest.java
│ │ └── SuppressionRuleTest.java
│ └── resources
│ ├── ._avro-ipc-1.5.0.jar
│ ├── FileHelpers.2.0.0.0.nupkg
│ ├── MANIFEST.MF
│ ├── archive
│ ├── handle-a.jar
│ └── handle-b.jar
│ ├── assembly
│ ├── sample-grok-error.xml
│ └── sample-grok.xml
│ ├── autoconf
│ ├── binutils
│ │ ├── config.in
│ │ ├── configure
│ │ └── configure.ac
│ ├── ghostscript
│ │ └── configure.ac
│ └── readable-code
│ │ ├── configure
│ │ └── configure.ac
│ ├── avro-ipc-1.5.0.jar
│ ├── bootable-0.1.0.jar
│ ├── cmake
│ ├── README.md
│ ├── cmake-modules
│ │ └── FindFLTK2.cmake
│ ├── libtiff
│ │ └── FindDeflate.cmake
│ ├── opencv
│ │ ├── 3rdparty
│ │ │ └── ffmpeg
│ │ │ │ └── ffmpeg_version.cmake
│ │ ├── CMakeLists.txt
│ │ ├── LICENSE
│ │ └── cmake
│ │ │ ├── FindCUDA.cmake
│ │ │ ├── FindCUDA
│ │ │ ├── make2cmake.cmake
│ │ │ ├── parse_cubin.cmake
│ │ │ └── run_nvcc.cmake
│ │ │ ├── OpenCVCRTLinkage.cmake
│ │ │ ├── OpenCVCompilerOptions.cmake
│ │ │ ├── OpenCVConfig.cmake
│ │ │ ├── OpenCVDetectAndroidSDK.cmake
│ │ │ ├── OpenCVDetectApacheAnt.cmake
│ │ │ ├── OpenCVDetectCStripes.cmake
│ │ │ ├── OpenCVDetectCUDA.cmake
│ │ │ ├── OpenCVDetectCXXCompiler.cmake
│ │ │ ├── OpenCVDetectDirectX.cmake
│ │ │ ├── OpenCVDetectOpenCL.cmake
│ │ │ ├── OpenCVDetectPython.cmake
│ │ │ ├── OpenCVDetectTBB.cmake
│ │ │ ├── OpenCVDetectVTK.cmake
│ │ │ ├── OpenCVExtraTargets.cmake
│ │ │ ├── OpenCVFindIPP.cmake
│ │ │ ├── OpenCVFindIPPAsync.cmake
│ │ │ ├── OpenCVFindIntelPerCSDK.cmake
│ │ │ ├── OpenCVFindLATEX.cmake
│ │ │ ├── OpenCVFindLibsGUI.cmake
│ │ │ ├── OpenCVFindLibsGrfmt.cmake
│ │ │ ├── OpenCVFindLibsPerf.cmake
│ │ │ ├── OpenCVFindLibsVideo.cmake
│ │ │ ├── OpenCVFindMatlab.cmake
│ │ │ ├── OpenCVFindOpenEXR.cmake
│ │ │ ├── OpenCVFindOpenNI.cmake
│ │ │ ├── OpenCVFindOpenNI2.cmake
│ │ │ ├── OpenCVFindWebP.cmake
│ │ │ ├── OpenCVFindXimea.cmake
│ │ │ ├── OpenCVGenABI.cmake
│ │ │ ├── OpenCVGenAndroidMK.cmake
│ │ │ ├── OpenCVGenConfig.cmake
│ │ │ ├── OpenCVGenHeaders.cmake
│ │ │ ├── OpenCVGenInfoPlist.cmake
│ │ │ ├── OpenCVGenPkgconfig.cmake
│ │ │ ├── OpenCVMinDepVersions.cmake
│ │ │ ├── OpenCVModule.cmake
│ │ │ ├── OpenCVPCHSupport.cmake
│ │ │ ├── OpenCVPackaging.cmake
│ │ │ ├── OpenCVUtils.cmake
│ │ │ ├── OpenCVVersion.cmake
│ │ │ ├── checks
│ │ │ ├── OpenCVDetectCudaArch.cu
│ │ │ ├── directx.cpp
│ │ │ ├── opencl.cpp
│ │ │ ├── vfwtest.cpp
│ │ │ └── win32uitest.cpp
│ │ │ ├── cl2cpp.cmake
│ │ │ ├── copyAndroidLibs.cmake
│ │ │ └── templates
│ │ │ ├── OpenCV.mk.in
│ │ │ ├── OpenCVConfig-version.cmake.in
│ │ │ ├── OpenCVConfig.cmake.in
│ │ │ ├── cmake_uninstall.cmake.in
│ │ │ ├── cvconfig.h.in
│ │ │ ├── opencv-XXX.pc.in
│ │ │ ├── opencv_abi.xml.in
│ │ │ ├── opencv_modules.hpp.in
│ │ │ ├── opencv_run_all_tests_android.sh.in
│ │ │ ├── opencv_run_all_tests_unix.sh.in
│ │ │ └── opencv_run_all_tests_windows.cmd.in
│ └── zlib
│ │ ├── CMakeLists.txt
│ │ └── README
│ ├── commons-fileupload-1.2.1.suppression.xml
│ ├── composer.lock
│ ├── dart.addressbook
│ └── pubspec.yaml
│ ├── dart.yaml
│ └── pubspec.yaml
│ ├── dart
│ └── pubspec.lock
│ ├── dependencycheck.properties
│ ├── dwr-pom.xml
│ ├── dwr.jar
│ ├── ecosystem
│ ├── java.ecosystem.txt
│ ├── native.ecosystem.txt
│ ├── nodejs.ecosystem.txt
│ ├── null.ecosystem.txt
│ ├── perl.ecosystem.txt
│ ├── php.ecosystem.txt
│ ├── python.ecosystem.txt
│ └── ruby.ecosystem.txt
│ ├── elixir
│ ├── invalid_executable
│ ├── mix.lock
│ ├── mix_audit
│ │ ├── empty.json
│ │ └── plug.json
│ └── vulnerable
│ │ └── mix.lock
│ ├── evil.zip
│ ├── file.tar
│ ├── file.tar.bz2
│ ├── file.tar.gz
│ ├── file.tbz2
│ ├── file.tgz
│ ├── golang
│ ├── Gopkg.lock
│ ├── Gopkg.toml
│ ├── go.mod
│ └── go.sum
│ ├── hibernate3.jar
│ ├── hints.xml
│ ├── hints_12.xml
│ ├── hints_13.xml
│ ├── hints_invalid.xml
│ ├── incorrectSuppressions.xml
│ ├── javascript
│ ├── angular.safe.js
│ ├── custom.js
│ ├── ember.js
│ └── jquery-1.6.2.js
│ ├── jmockit-1.26.pom
│ ├── libman
│ └── libman.json
│ ├── log4net.2.0.3.nuspec
│ ├── log4net.dll
│ ├── logback-test.xml
│ ├── msbuild
│ ├── Directory.Build.props
│ ├── ProjectA
│ │ ├── Directory.Build.props
│ │ └── ProjectA.csproj
│ ├── ProjectB
│ │ ├── Directory.Build.props
│ │ └── ProjectB.csproj
│ ├── ProjectC
│ │ ├── Directory.Build.props
│ │ └── ProjectC.csproj
│ ├── ProjectD
│ │ ├── Directory.Build.props
│ │ ├── ProjectD.csproj
│ │ └── Version.props
│ ├── ProjectE
│ │ └── ProjectE.csproj
│ ├── ProjectF
│ │ ├── Directory.Packages.props
│ │ └── ProjectF.csproj
│ └── test.csproj
│ ├── mysql-connector-java-5.1.27-bin.jar
│ ├── node-gyp-toml
│ └── pyproject.toml
│ ├── nodeaudit
│ ├── empty.json
│ ├── package-lock.json
│ └── package.json
│ ├── nodejs
│ ├── fake_submodule
│ │ ├── node_modules
│ │ │ ├── braces
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── expand-range
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── fill-range
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── is-buffer
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── is-number
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── isarray
│ │ │ │ ├── .npmignore
│ │ │ │ ├── component.json
│ │ │ │ └── package.json
│ │ │ ├── isobject
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── kind-of
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── math-random
│ │ │ │ └── package.json
│ │ │ ├── preserve
│ │ │ │ ├── .npmignore
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── randomatic
│ │ │ │ ├── LICENSE
│ │ │ │ ├── node_modules
│ │ │ │ │ ├── is-number
│ │ │ │ │ │ ├── LICENSE
│ │ │ │ │ │ └── package.json
│ │ │ │ │ └── kind-of
│ │ │ │ │ │ ├── LICENSE
│ │ │ │ │ │ └── package.json
│ │ │ │ └── package.json
│ │ │ ├── repeat-element
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ └── repeat-string
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ ├── package-lock.json
│ │ └── package.json
│ ├── local_package
│ │ ├── mypackage
│ │ │ └── package.json
│ │ ├── node_modules
│ │ │ ├── .package-lock.json
│ │ │ └── mypackage
│ │ ├── package-lock.json
│ │ └── package.json
│ ├── no_lock
│ │ ├── node_modules
│ │ │ ├── braces
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── expand-range
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── fill-range
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── is-buffer
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── is-number
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── isarray
│ │ │ │ ├── .npmignore
│ │ │ │ ├── component.json
│ │ │ │ └── package.json
│ │ │ ├── isobject
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── kind-of
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── math-random
│ │ │ │ └── package.json
│ │ │ ├── preserve
│ │ │ │ ├── .npmignore
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── randomatic
│ │ │ │ ├── LICENSE
│ │ │ │ ├── node_modules
│ │ │ │ │ ├── is-number
│ │ │ │ │ │ ├── LICENSE
│ │ │ │ │ │ └── package.json
│ │ │ │ │ └── kind-of
│ │ │ │ │ │ ├── LICENSE
│ │ │ │ │ │ └── package.json
│ │ │ │ └── package.json
│ │ │ ├── repeat-element
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ └── repeat-string
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ └── package.json
│ ├── node_modules
│ │ ├── .yarn-integrity
│ │ ├── braces
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── debug
│ │ │ ├── .coveralls.yml
│ │ │ ├── .eslintrc
│ │ │ ├── .npmignore
│ │ │ ├── LICENSE
│ │ │ ├── component.json
│ │ │ └── package.json
│ │ ├── dns-sync
│ │ │ ├── .npmignore
│ │ │ ├── LICENSE
│ │ │ ├── benchmarks
│ │ │ │ └── package.json
│ │ │ └── package.json
│ │ ├── expand-range
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── fake_submodule
│ │ │ ├── node_modules
│ │ │ │ ├── braces
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── expand-range
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── fill-range
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── is-buffer
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── is-number
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── isarray
│ │ │ │ │ ├── .npmignore
│ │ │ │ │ ├── component.json
│ │ │ │ │ └── package.json
│ │ │ │ ├── isobject
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── kind-of
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── math-random
│ │ │ │ │ └── package.json
│ │ │ │ ├── preserve
│ │ │ │ │ ├── .npmignore
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ ├── randomatic
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ ├── node_modules
│ │ │ │ │ │ ├── is-number
│ │ │ │ │ │ │ ├── LICENSE
│ │ │ │ │ │ │ └── package.json
│ │ │ │ │ │ └── kind-of
│ │ │ │ │ │ │ ├── LICENSE
│ │ │ │ │ │ │ └── package.json
│ │ │ │ │ └── package.json
│ │ │ │ ├── repeat-element
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ └── repeat-string
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ ├── package-lock.json
│ │ │ └── package.json
│ │ ├── fill-range
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── is-buffer
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── is-number
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── isarray
│ │ │ ├── .npmignore
│ │ │ ├── component.json
│ │ │ └── package.json
│ │ ├── isobject
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── js-tokens
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── kind-of
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── lighter-config
│ │ │ └── package.json
│ │ ├── lighter-run
│ │ │ └── package.json
│ │ ├── loose-envify
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── math-random
│ │ │ └── package.json
│ │ ├── ms
│ │ │ └── package.json
│ │ ├── object-assign
│ │ │ ├── license
│ │ │ └── package.json
│ │ ├── pause-stream
│ │ │ ├── .npmignore
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── preserve
│ │ │ ├── .npmignore
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── prop-types
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── randomatic
│ │ │ ├── LICENSE
│ │ │ ├── node_modules
│ │ │ │ ├── is-number
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ │ └── kind-of
│ │ │ │ │ ├── LICENSE
│ │ │ │ │ └── package.json
│ │ │ └── package.json
│ │ ├── react-dom
│ │ │ ├── LICENSE
│ │ │ ├── build-info.json
│ │ │ └── package.json
│ │ ├── react-is
│ │ │ ├── LICENSE
│ │ │ ├── build-info.json
│ │ │ └── package.json
│ │ ├── repeat-element
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── repeat-string
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── scheduler
│ │ │ ├── LICENSE
│ │ │ ├── build-info.json
│ │ │ └── package.json
│ │ ├── shelljs
│ │ │ ├── .documentup.json
│ │ │ ├── .npmignore
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ └── through
│ │ │ ├── LICENSE.APACHE2
│ │ │ ├── LICENSE.MIT
│ │ │ └── package.json
│ ├── npm-shrinkwrap.json
│ ├── package-lock.json
│ ├── package.json
│ ├── test_lockv2
│ │ ├── node_modules
│ │ │ ├── is-buffer
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── is-number
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ ├── isarray
│ │ │ │ └── package.json
│ │ │ ├── isobject
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ │ └── kind-of
│ │ │ │ ├── LICENSE
│ │ │ │ └── package.json
│ │ ├── package-lock.json
│ │ └── package.json
│ └── test_lockv3
│ │ ├── node_modules
│ │ ├── is-buffer
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── is-number
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── isarray
│ │ │ └── package.json
│ │ ├── isobject
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ └── kind-of
│ │ │ ├── LICENSE
│ │ │ └── package.json
│ │ ├── package-lock.json
│ │ └── package.json
│ ├── nugetconf
│ └── packages.config
│ ├── nuspec
│ └── test.nuspec
│ ├── openssl
│ └── opensslv.h
│ ├── other-suppressions.xml
│ ├── pip
│ ├── Pipfile
│ └── Pipfile.lock
│ ├── pnpmaudit
│ ├── fake_submodule
│ │ ├── package-lock.json
│ │ └── package.json
│ ├── package.json
│ ├── pnpm-audit.json
│ └── pnpm-lock.yaml
│ ├── poetry.lock
│ ├── pom
│ ├── mailapi-1.4.3.pom
│ ├── mailapi-1.4.3_doctype.pom
│ ├── mailapi-1.4.3_projectcomment.pom
│ ├── plexus-utils-3.0.24.pom
│ └── pom-with-new-line.xml
│ ├── python-myproject-toml
│ └── pyproject.toml
│ ├── python-poetry-toml
│ └── pyproject.toml
│ ├── python
│ ├── Django-1.7.2-py2.py3-none-any.whl
│ ├── dist
│ │ ├── EggTest-0.0.1-py2.7.egg
│ │ └── EggTest-0.0.1-py2.7.zip
│ ├── eggtest
│ │ ├── __about__.py
│ │ ├── __init__.py
│ │ ├── __init__.pyc
│ │ ├── main.py
│ │ └── main.pyc
│ ├── setup.py
│ └── site-packages
│ │ ├── Django-1.7.2.data
│ │ └── scripts
│ │ │ └── django-admin.py
│ │ ├── Django-1.7.2.dist-info
│ │ ├── DESCRIPTION.rst
│ │ ├── LICENSE.txt
│ │ ├── METADATA
│ │ ├── WHEEL
│ │ ├── entry_points.txt
│ │ ├── metadata.json
│ │ └── top_level.txt
│ │ ├── EggTest-0.0.1-py2.7.egg
│ │ ├── EGG-INFO
│ │ │ ├── PKG-INFO
│ │ │ ├── SOURCES.txt
│ │ │ ├── dependency_links.txt
│ │ │ ├── top_level.txt
│ │ │ └── zip-safe
│ │ └── eggtest
│ │ │ ├── __about__.py
│ │ │ ├── __about__.pyc
│ │ │ ├── __init__.py
│ │ │ ├── __init__.pyc
│ │ │ ├── main.py
│ │ │ └── main.pyc
│ │ ├── EggTest.egg-info
│ │ ├── PKG-INFO
│ │ ├── SOURCES.txt
│ │ ├── dependency_links.txt
│ │ └── top_level.txt
│ │ └── django
│ │ ├── __init__.py
│ │ └── shortcuts.py
│ ├── ruby
│ ├── invalid-bundle-audit
│ └── vulnerable
│ │ └── gems
│ │ ├── rails-4.1.15
│ │ ├── Gemfile
│ │ ├── Gemfile.lock
│ │ └── vendor
│ │ │ └── bundle
│ │ │ └── ruby
│ │ │ └── 2.2.0
│ │ │ ├── gems
│ │ │ └── pg-0.18.4
│ │ │ │ └── Rakefile
│ │ │ └── specifications
│ │ │ └── dalli-2.7.5.gemspec
│ │ ├── sinatra
│ │ ├── Gemfile
│ │ └── Gemfile.lock
│ │ └── specifications
│ │ ├── activerecord-oracle_enhanced-adapter-1.1.7.gemspec
│ │ ├── i18n-0.7.0.gemspec
│ │ ├── mail-2.4.3.gemspec
│ │ ├── mime-types-1.25.1.gemspec
│ │ ├── netrc-0.10.3.gemspec
│ │ ├── polyglot-0.3.5.gemspec
│ │ ├── rest-client-1.7.2.gemspec
│ │ └── treetop-1.4.15.gemspec
│ ├── stagedhttp-modified.tar
│ ├── struts-1.2.9-162.35.1.uyuni.noarch.rpm
│ ├── struts.zip
│ ├── suppressions.xml
│ ├── suppressions_1_1.xml
│ ├── suppressions_1_2.xml
│ ├── suppressions_1_3.xml
│ ├── swift
│ ├── Gloss
│ │ ├── Gloss.podspec
│ │ └── Package.swift
│ ├── carthage
│ │ └── Cartfile.resolved
│ ├── cocoapods
│ │ ├── EasyPeasy.podspec
│ │ ├── Podfile
│ │ └── Podfile.lock
│ ├── spm
│ │ └── Package.resolved
│ ├── spmV2
│ │ └── Package.resolved
│ └── spmV3
│ │ └── Package.resolved
│ ├── test.properties
│ ├── test.zip
│ ├── uber-1.0-SNAPSHOT.jar
│ ├── update
│ └── cisa
│ │ └── known_exploited_vulnerabilities.json
│ ├── xmlsec-2.0.7-3.7.uyuni.noarch.rpm
│ └── yarn
│ ├── yarn-berry-audit-no-vulnerability
│ ├── .yarn
│ │ ├── install-state.gz
│ │ └── releases
│ │ │ └── yarn-4.6.0.cjs
│ ├── .yarnrc.yml
│ ├── node_modules
│ │ └── .yarn-state.yml
│ ├── package.json
│ └── yarn.lock
│ ├── yarn-berry-audit
│ ├── .yarn
│ │ └── releases
│ │ │ └── yarn-4.6.0.cjs
│ ├── .yarnrc.yml
│ ├── package.json
│ └── yarn.lock
│ └── yarn-classic-audit
│ ├── package.json
│ └── yarn.lock
├── coverity_scan.sh
├── docker-pullcount.sh
├── list-changes.sh
├── maven
├── LICENSE.txt
├── NOTICE.txt
├── README.md
├── pom.xml
└── src
│ ├── it
│ ├── 1512-transitive-test
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 1527-aggregate-updated-dependencies
│ │ ├── invoker.properties
│ │ ├── new
│ │ │ ├── ear
│ │ │ │ └── pom.xml
│ │ │ ├── lib
│ │ │ │ ├── pom.xml
│ │ │ │ └── src
│ │ │ │ │ └── main
│ │ │ │ │ └── resources
│ │ │ │ │ └── dummy.properties
│ │ │ ├── pom.xml
│ │ │ └── war
│ │ │ │ ├── pom.xml
│ │ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── old
│ │ │ ├── ear
│ │ │ │ └── pom.xml
│ │ │ ├── lib
│ │ │ │ ├── pom.xml
│ │ │ │ └── src
│ │ │ │ │ └── main
│ │ │ │ │ └── resources
│ │ │ │ │ └── dummy.properties
│ │ │ ├── pom.xml
│ │ │ └── war
│ │ │ │ ├── pom.xml
│ │ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 1551-verify-dependency-management
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 1677-dependency-management
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 1751-use-child-repositories
│ │ ├── 1751-child-one
│ │ │ └── pom.xml
│ │ ├── 1751-child-two
│ │ │ └── pom.xml
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 2494-managed-reactor-dependencies
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ ├── sibling1
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── resources
│ │ │ │ └── dummy.properties
│ │ └── sibling2
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ └── main
│ │ │ └── resources
│ │ │ └── dummy.properties
│ ├── 3679-classifier-in-dependency
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 3721-metaversion-dependencies
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 3730-classifier-in-dependency-aggregate
│ │ ├── childOne
│ │ │ └── pom.xml
│ │ ├── childTwo
│ │ │ └── pom.xml
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 3944-multimodule-virtual-duplication
│ │ ├── invoker.properties
│ │ ├── lib
│ │ │ └── pom.xml
│ │ ├── lib2
│ │ │ └── pom.xml
│ │ ├── lib3
│ │ │ └── pom.xml
│ │ ├── lib4
│ │ │ └── pom.xml
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 4397-metaversion-for-transitive-dependency
│ │ ├── dep
│ │ │ └── pom.xml
│ │ ├── invoker.properties
│ │ ├── main
│ │ │ └── pom.xml
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 617-hierarchical-cross-deps
│ │ ├── invoker.properties
│ │ ├── module-java
│ │ │ └── pom.xml
│ │ ├── module-web
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 618-aggregator-update-only
│ │ ├── invoker.properties
│ │ ├── module
│ │ │ └── pom.xml
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 629-jackson-dataformat
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 690-threadsafety
│ │ ├── first-a
│ │ │ └── pom.xml
│ │ ├── first-b
│ │ │ └── pom.xml
│ │ ├── first
│ │ │ └── pom.xml
│ │ ├── fourth-a
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── fourth-b
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── fourth
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ ├── postbuild.groovy
│ │ ├── second-a
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── second-b
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── second
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── third-a
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ ├── third-b
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ └── third
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ └── main
│ │ │ └── webapp
│ │ │ └── WEB-INF
│ │ │ └── web.xml
│ ├── 710-pom-parse-error
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── 730-multiple-suppression-files-configs
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ ├── postbuild.groovy
│ │ ├── test-suppression1.xml
│ │ └── test-suppression2.xml
│ ├── 740-aggregate
│ │ ├── first
│ │ │ └── pom.xml
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ ├── postbuild.groovy
│ │ ├── second
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ ├── main
│ │ │ │ └── webapp
│ │ │ │ │ └── WEB-INF
│ │ │ │ │ └── web.xml
│ │ │ │ └── test
│ │ │ │ └── HelloWorld.js
│ │ └── third
│ │ │ ├── fourth
│ │ │ ├── pom.xml
│ │ │ └── src
│ │ │ │ └── main
│ │ │ │ └── webapp
│ │ │ │ └── WEB-INF
│ │ │ │ └── web.xml
│ │ │ └── pom.xml
│ ├── 815-broken-suppression-aggregate
│ │ ├── broken-suppression.xml
│ │ ├── invoker.properties
│ │ └── pom.xml
│ ├── 846-site-plugin
│ │ ├── invoker.properties
│ │ └── pom.xml
│ └── artifactory-analyzer
│ │ ├── invoker.properties
│ │ ├── pom.xml
│ │ └── postbuild.groovy
│ ├── main
│ ├── java
│ │ └── org
│ │ │ └── owasp
│ │ │ └── dependencycheck
│ │ │ └── maven
│ │ │ ├── AggregateMojo.java
│ │ │ ├── ArtifactScopeExcluded.java
│ │ │ ├── ArtifactTypeExcluded.java
│ │ │ ├── BaseDependencyCheckMojo.java
│ │ │ ├── CheckMojo.java
│ │ │ ├── CollectingRootDependencyGraphVisitor.java
│ │ │ ├── FilteringDependencyTransitiveNodeVisitor.java
│ │ │ ├── Mshared998Util.java
│ │ │ ├── ProxyConfig.java
│ │ │ ├── PurgeMojo.java
│ │ │ ├── Retirejs.java
│ │ │ ├── UpdateMojo.java
│ │ │ └── package-info.java
│ └── resources
│ │ ├── META-INF
│ │ └── licenses
│ │ │ └── maven
│ │ │ └── LICENSE.txt
│ │ └── mojo.properties
│ ├── site
│ ├── markdown
│ │ ├── configuration.md
│ │ └── index.md.vm
│ ├── resources
│ │ └── images
│ │ │ └── dc-maven.svg
│ └── site.xml
│ └── test
│ ├── java
│ └── org
│ │ └── owasp
│ │ └── dependencycheck
│ │ └── maven
│ │ ├── ArtifactScopeExcludedTest.java
│ │ ├── ArtifactTypeExcludedTest.java
│ │ ├── BaseDependencyCheckMojoTest.java
│ │ └── BaseTest.java
│ └── resources
│ ├── dir_containing_maven_poms_declared_as_modules_in_another_pom
│ └── serverlibs.pom
│ ├── dir_without_pom
│ └── .gitkeep
│ ├── maven_project_base_dir
│ └── pom.xml
│ ├── mojo.properties
│ └── sample.xml
├── pom.xml
├── prepare-release.sh
├── publish-docker.sh
├── release_stats.sh
├── settings.xml
├── sha256_cli.sh
├── shell-docker.sh
├── src
├── main
│ ├── config
│ │ ├── checkstyle-checks.xml
│ │ ├── checkstyle-header.txt
│ │ ├── checkstyle-suppressions.xml
│ │ ├── spotbugs_excludes.xml
│ │ └── version-rules.xml
│ └── site-resources
│ │ └── current.txt
├── site
│ ├── markdown
│ │ ├── analyzers
│ │ │ ├── archive-analyzer.md
│ │ │ ├── assembly-analyzer.md
│ │ │ ├── autoconf.md
│ │ │ ├── bundle-audit.md
│ │ │ ├── carthage.md
│ │ │ ├── central-analyzer.md
│ │ │ ├── cmake.md
│ │ │ ├── cocoapods.md
│ │ │ ├── composer-lock.md
│ │ │ ├── cpanfile.md
│ │ │ ├── dart.md
│ │ │ ├── golang-dep.md
│ │ │ ├── golang-mod.md
│ │ │ ├── index.md
│ │ │ ├── jar-analyzer.md
│ │ │ ├── msbuild.md
│ │ │ ├── nexus-analyzer.md
│ │ │ ├── node-audit-analyzer.md
│ │ │ ├── nodejs.md
│ │ │ ├── nugetconf-analyzer.md
│ │ │ ├── nuspec-analyzer.md
│ │ │ ├── openssl.md
│ │ │ ├── oss-index-analyzer.md
│ │ │ ├── pe-analyzer.md
│ │ │ ├── pip.md
│ │ │ ├── python.md
│ │ │ ├── retirejs-analyzer.md
│ │ │ ├── ruby-gemspec.md
│ │ │ └── swift.md
│ │ ├── data
│ │ │ ├── cache-action.md
│ │ │ ├── cacheh2.md
│ │ │ ├── cachenvd.md
│ │ │ ├── database.md.vm
│ │ │ ├── index.md
│ │ │ ├── mirrornvd.md
│ │ │ ├── ossindex.md
│ │ │ ├── proxy.md
│ │ │ ├── tlsfailure.md
│ │ │ └── upgrade.md
│ │ ├── dependency-check-gradle
│ │ │ ├── configuration-aggregate.md
│ │ │ ├── configuration-purge.md
│ │ │ ├── configuration-update.md
│ │ │ ├── configuration.md
│ │ │ └── index.md.vm
│ │ ├── dependency-check-jenkins
│ │ │ └── index.md
│ │ ├── general
│ │ │ ├── hints.md
│ │ │ ├── internals.md
│ │ │ ├── scan_iso.md
│ │ │ ├── suppression.md
│ │ │ └── thereport.md
│ │ ├── index.md
│ │ ├── modules.md
│ │ └── related.md
│ ├── resources
│ │ ├── favicon
│ │ ├── general
│ │ │ ├── SampleReport.html
│ │ │ ├── dependency-check.pdf
│ │ │ └── dependency-check.pptx
│ │ ├── hb_nvd
│ │ │ ├── nvdcve-1.1-2022.json.gz
│ │ │ ├── nvdcve-1.1-2022.meta
│ │ │ ├── nvdcve-1.1-modified.json.gz
│ │ │ └── nvdcve-1.1-modified.meta
│ │ ├── images
│ │ │ ├── dc-gradle.svg
│ │ │ ├── dc-jenkins.svg
│ │ │ ├── dc.svg
│ │ │ ├── logo.svg
│ │ │ └── logos
│ │ │ │ ├── jprofiler.png
│ │ │ │ └── logo_intellij_idea.png
│ │ ├── js
│ │ │ ├── package-url.js
│ │ │ └── purl.js
│ │ └── purl.html
│ └── site.xml
└── test
│ ├── manual-test-proxy-auth
│ ├── Readme.md
│ ├── debian.conf.override
│ ├── squid-auth-for-localnet.conf
│ ├── start-docker-squidproxy-with-auth
│ ├── stop-docker-squidproxy-with-auth
│ └── user-proxy-passwd-insecure
│ └── resources
│ ├── Pipfile
│ ├── aopalliance-1.0.jar
│ ├── axis-1.4.jar
│ ├── commons-cli-1.2.jar
│ ├── commons-validator-1.4.0.jar
│ ├── data.zip
│ ├── install.json
│ ├── jaxb-xercesImpl-1.5.jar
│ ├── maven_install_v010.json
│ ├── maven_install_v2.json
│ ├── org.mortbay.jetty.jar
│ ├── org.mortbay.jmx.jar
│ ├── requirements.txt
│ ├── spring-core-3.0.0.RELEASE.jar
│ ├── struts.jar
│ └── velocity-1.7.jar
├── test-docker.sh
└── utils
├── pom.xml
└── src
├── main
└── java
│ └── org
│ └── owasp
│ └── dependencycheck
│ └── utils
│ ├── Checksum.java
│ ├── DownloadFailedException.java
│ ├── Downloader.java
│ ├── ExpectedObjectInputStream.java
│ ├── ExplicitCharsetToStringResponseHandler.java
│ ├── ExtractionException.java
│ ├── FileUtils.java
│ ├── ForbiddenException.java
│ ├── HC5CredentialHelper.java
│ ├── InvalidSettingException.java
│ ├── JsonArrayFixingInputStream.java
│ ├── ResourceNotFoundException.java
│ ├── SaveToFileResponseHandler.java
│ ├── Settings.java
│ ├── ToXMLDocumentResponseHandler.java
│ ├── TooManyRequestsException.java
│ ├── URLConnectionFailureException.java
│ ├── XmlUtils.java
│ ├── package-info.java
│ ├── processing
│ ├── ProcessReader.java
│ ├── Processor.java
│ └── package-info.java
│ └── search
│ ├── FileContentSearch.java
│ └── package-info.java
├── site
├── markdown
│ └── index.md
├── resources
│ └── images
│ │ └── dc-utils.svg
└── site.xml
└── test
├── java
└── org
│ └── owasp
│ └── dependencycheck
│ └── utils
│ ├── BaseTest.java
│ ├── ChecksumTest.java
│ ├── DownloaderIT.java
│ ├── ExpectedObjectInputStreamTest.java
│ ├── FileUtilsTest.java
│ ├── JsonArrayFixingInputStreamTest.java
│ ├── SettingsTest.java
│ ├── SimplePojo.java
│ └── search
│ └── FileContentSearchTest.java
└── resources
├── SearchTest.txt
├── checkSumTest.file
├── dependencycheck.properties
├── logback-test.xml
└── test.properties
/.gitattributes:
--------------------------------------------------------------------------------
1 | *.html linguist-documentation
2 | (^|/)site/) linguist-documentation
3 | src/test/resources/* linguist-vendored
4 | cli/src/test/resources/* linguist-vendored
5 | core/src/test/resources/* linguist-vendored
6 | maven/src/test/resources/* linguist-vendored
7 | ant/src/test/resources/* linguist-vendored
8 | utils/src/test/resources/* linguist-vendored
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 |
3 | github: jeremylong
4 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/ask-a-question.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Ask a question
3 | about: Have a question about dependency-check?
4 | title: ''
5 | labels: question
6 | assignees: ''
7 |
8 | ---
9 |
10 |
11 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: Create a report to help us improve
4 | title: ''
5 | labels: bug
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Precondition**
11 | - [ ] I checked the issues list for existing open or closed reports of the same problem.
12 |
13 | **Describe the bug**
14 | A clear and concise description of what the bug is.
15 |
16 | **Version of dependency-check used**
17 | The problem occurs using version X.X.X of the ____ (cli, gradle plugin, maven plugin, etc.)
18 |
19 | **Log file**
20 | When reporting errors, 99% of the time log file output is required. Please post the log file as a [gist](https://gist.github.com/) and provide a link in the new issue.
21 |
22 | **To Reproduce**
23 | Steps to reproduce the behavior:
24 | 1. Go to '...'
25 | 2. Click on '....'
26 | 3. Scroll down to '....'
27 | 4. See error
28 |
29 | **Expected behavior**
30 | A clear and concise description of what you expected to happen.
31 |
32 | **Additional context**
33 | Add any other context about the problem here.
34 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Feature request
3 | about: Suggest an idea for this project
4 | title: ''
5 | labels: enhancement
6 | assignees: ''
7 |
8 | ---
9 |
10 | **Is your feature request related to a problem? Please describe.**
11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
12 |
13 | **Describe the solution you'd like**
14 | A clear and concise description of what you want to happen.
15 |
16 | **Describe alternatives you've considered**
17 | A clear and concise description of any alternative solutions or features you've considered.
18 |
19 | **Additional context**
20 | Add any other context or screenshots about the feature request here.
21 |
--------------------------------------------------------------------------------
/.github/boring-cyborg.yml:
--------------------------------------------------------------------------------
1 | labelPRBasedOnFilePath:
2 | core:
3 | - core/**/*
4 | utils:
5 | - utils/**/*
6 | ant:
7 | - ant/**/*
8 | cli:
9 | - cli/**/*
10 | maven:
11 | - maven/**/*
12 | tests:
13 | - core/src/test/**/*
14 | - utils/src/test/**/*
15 | - ant/src/test/**/*
16 | - cli/src/test/**/*
17 | - maven/src/it/**/*
18 | - maven/src/test/**/*
19 | documentation:
20 | - core/src/site/**/*
21 | - utils/src/site/**/*
22 | - ant/src/site/**/*
23 | - cli/src/site/**/*
24 | - maven/src/site/**/*
25 | - src/site/**/*
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: "maven"
4 | directory: "/"
5 | schedule:
6 | interval: "daily"
7 | - package-ecosystem: "github-actions"
8 | directory: "/"
9 | schedule:
10 | interval: "daily"
11 | - package-ecosystem: "docker"
12 | directory: "/"
13 | schedule:
14 | interval: "daily"
15 |
--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
1 | ## Description of Change
2 |
3 |
6 |
7 | ## Related issues
8 |
9 |
14 |
15 | ## Have test cases been added to cover the new functionality?
16 |
17 | *yes/no*
--------------------------------------------------------------------------------
/.github/workflows/false-positive-cleanup.yml:
--------------------------------------------------------------------------------
1 | name: False Positive Cleanup
2 | on:
3 | workflow_dispatch:
4 | schedule:
5 | - cron: '0 8 * * *'
6 |
7 | permissions: {}
8 | jobs:
9 | cleanup:
10 | permissions:
11 | actions: write # to delete workflow runs
12 |
13 | runs-on: ubuntu-latest
14 | steps:
15 | - name: Delete workflow runs
16 | uses: Mattraks/delete-workflow-runs@v2
17 | with:
18 | token: ${{ github.token }}
19 | repository: ${{ github.repository }}
20 | retain_days: 0
21 | keep_minimum_runs: 0
22 | delete_workflow_pattern: 'false-positive'
23 | delete_run_by_conclusion_pattern: 'skipped'
24 |
--------------------------------------------------------------------------------
/.github/workflows/files/maven-pom.end:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | org.owasp
6 | dependency-check-maven
7 | ${plugins.odc.version}
8 |
9 |
10 | HTML
11 | SARIF
12 |
13 | true
14 | 11
15 | false
16 | true
17 |
18 |
19 |
20 |
21 | aggregate
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/.github/workflows/files/maven-pom.start:
--------------------------------------------------------------------------------
1 |
2 |
3 | 4.0.0
4 | org.testing
5 | falsepositives
6 | 0.1-SNAPSHOT
7 | jar
8 |
9 | UTF-8
10 | 1.8
11 | 1.8
12 |
--------------------------------------------------------------------------------
/.github/workflows/lint-pr.yml:
--------------------------------------------------------------------------------
1 | name: "Lint PR"
2 |
3 | on:
4 | pull_request_target:
5 | types:
6 | - opened
7 | - edited
8 | - synchronize
9 |
10 | permissions:
11 | contents: read
12 |
13 | jobs:
14 | main:
15 | name: Validate PR title
16 | permissions:
17 | pull-requests: read
18 | statuses: write
19 | runs-on: ubuntu-latest
20 | steps:
21 | - uses: amannn/action-semantic-pull-request@v5.5.3
22 | env:
23 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--------------------------------------------------------------------------------
/.github/workflows/lock.yml:
--------------------------------------------------------------------------------
1 | name: 'Lock Threads'
2 |
3 | on:
4 | schedule:
5 | - cron: '0 3 * * *'
6 | workflow_dispatch:
7 |
8 | permissions:
9 | issues: write
10 | pull-requests: write
11 | discussions: write
12 |
13 | concurrency:
14 | group: lock-threads
15 |
16 | jobs:
17 | action:
18 | runs-on: ubuntu-latest
19 | steps:
20 | - uses: dessant/lock-threads@v5
21 | with:
22 | issue-inactive-days: '30'
23 | pr-inactive-days: '30'
24 | discussion-inactive-days: '30'
25 |
--------------------------------------------------------------------------------
/.java-version:
--------------------------------------------------------------------------------
1 | 11.0
2 |
--------------------------------------------------------------------------------
/NOTICE.txt:
--------------------------------------------------------------------------------
1 | dependency-check
2 |
3 | Copyright (c) 2012-2025 OWASP Dependency-Check Contributors. All Rights Reserved.
4 |
5 | The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
6 |
7 | This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
8 |
9 | This product includes software developed by Jquery.com (http://jquery.com/).
10 |
11 | This product includes software developed by Jonathan Hedley (jsoup.org)
12 |
13 | This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
14 | An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
15 |
16 | This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
17 |
18 | This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | # Security Policy
2 |
3 | ## Supported Versions
4 |
5 | | Version | Supported |
6 | | ----------|--------------------|
7 | | 10.0.2+ | :white_check_mark: |
8 | | <= 10.0.1 | :x: |
9 |
10 | ## Reporting a Vulnerability
11 |
12 | If a security vulnerability is identified in dependency-check please
13 | open an [issue](https://github.com/dependency-check/DependencyCheck/issues/new/choose)
14 | and/or submit a PR to resolve the identified vulnerability.
15 |
16 | The team is very responsive to reported vulnerabilities - historically having reported issues resolved in 30 days or less.
17 |
18 | Note - there are several vulnerable test dependencies and test resources. These are never executed or included in a release; these vulnerable resources are present so that the functionality of dependency-check can be tested (i.e. it correctly identifies the given vulnerable test dependency).
19 |
--------------------------------------------------------------------------------
/ant/NOTICE.txt:
--------------------------------------------------------------------------------
1 | OWASP dependency-check
2 |
3 | Copyright (c) 2012-2015 Jeremy Long. All Rights Reserved.
4 |
5 | The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
6 |
7 | This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
8 |
9 | This product includes software developed by Jquery.com (http://jquery.com/).
10 |
11 | This product includes software developed by Jonathan Hedley (jsoup.org)
12 |
13 | This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
14 | An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
15 |
16 | This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
17 |
18 | This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
19 |
--------------------------------------------------------------------------------
/ant/src/main/java/org/owasp/dependencycheck/ant/logging/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * This package includes the Ant task definitions.
3 | */
4 | package org.owasp.dependencycheck.ant.logging;
5 |
--------------------------------------------------------------------------------
/ant/src/main/java/org/owasp/dependencycheck/taskdefs/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * This package includes the a slf4j logging implementation that wraps the Ant logger.
3 | */
4 | package org.owasp.dependencycheck.taskdefs;
5 |
--------------------------------------------------------------------------------
/ant/src/main/java/org/slf4j/impl/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * This package contains the static binder for the slf4j-ant logger.
3 | */
4 | package org.slf4j.impl;
5 |
--------------------------------------------------------------------------------
/ant/src/main/resources/dependency-check-taskdefs.properties:
--------------------------------------------------------------------------------
1 | dependency-check=org.owasp.dependencycheck.taskdefs.Check
2 | dependency-check-purge=org.owasp.dependencycheck.taskdefs.Purge
3 | dependency-check-update=org.owasp.dependencycheck.taskdefs.Update
4 |
--------------------------------------------------------------------------------
/ant/src/main/resources/task.properties:
--------------------------------------------------------------------------------
1 | # the path to the data directory
2 | data.directory=data/11.0
3 |
--------------------------------------------------------------------------------
/ant/src/test/resources/test-suppression1.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
21 |
24 | .*axis-1\.4\.jar
25 | cpe:/a:apache:axis
26 |
27 |
28 |
--------------------------------------------------------------------------------
/archetype/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.analyzer.Analyzer:
--------------------------------------------------------------------------------
1 | ${package}.${analyzerName}
--------------------------------------------------------------------------------
/archetype/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.update.CachedWebDataSource:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/archetype/src/main/resources/archetype-resources/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.update.CachedWebDataSource
--------------------------------------------------------------------------------
/archetype/src/main/resources/archetype-resources/src/test/resources/test.file:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/archetype/src/main/resources/archetype-resources/src/test/resources/test.file
--------------------------------------------------------------------------------
/archetype/src/site/markdown/index.md.vm:
--------------------------------------------------------------------------------
1 | About
2 | =====
3 | OWASP dependency-check-plugin is a maven archetype for generating a maven project for
4 | a dependency-check plugin (i.e. a project containing one or more analyzers).
5 |
6 | Usage
7 | =====
8 | ```bash
9 | mvn archetype:generate -DarchetypeGroupId=org.owasp -DarchetypeArtifactId=dependency-check-plugin -DarchetypeVersion=${project.version}
10 | ```
11 |
--------------------------------------------------------------------------------
/build-docker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 |
3 | VERSION=$(mvn -q \
4 | -Dexec.executable="echo" \
5 | -Dexec.args='${project.version}' \
6 | --non-recursive \
7 | org.codehaus.mojo:exec-maven-plugin:1.3.1:exec)
8 |
9 | FILE=./cli/target/dependency-check-$VERSION-release.zip
10 | if [ -f "$FILE" ]; then
11 | docker build . --build-arg VERSION=$VERSION -t owasp/dependency-check:$VERSION
12 | if [[ ! $VERSION = *"SNAPSHOT"* ]]; then
13 | docker tag owasp/dependency-check:$VERSION owasp/dependency-check:latest
14 | fi
15 | else
16 | echo "$FILE does not exist - run 'mvn package' first"
17 | exit 1
18 | fi
19 |
--------------------------------------------------------------------------------
/cli/NOTICE.txt:
--------------------------------------------------------------------------------
1 | dependency-check-cli
2 |
3 | Copyright (c) 2013 Jeremy Long. All Rights Reserved.
4 |
5 | The licenses for the software listed below can be found in the licenses.
6 |
7 | This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
8 |
9 | This product includes software developed by Jquery.com (http://jquery.com/).
10 |
11 | This product includes software developed by Jonathan Hedley (jsoup.org)
12 |
13 | This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
14 | An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
15 |
16 | This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
17 |
18 | This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
--------------------------------------------------------------------------------
/cli/src/main/assembly/license.txt:
--------------------------------------------------------------------------------
1 |
2 | Copyright (c) 2012-2013 Jeremy Long. All rights reserved.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | ----------------------------------------------------------------------------
16 |
--------------------------------------------------------------------------------
/cli/src/main/java/org/owasp/dependencycheck/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Includes the main entry point for the DependencyChecker.
3 | */
4 | package org.owasp.dependencycheck;
5 |
--------------------------------------------------------------------------------
/cli/src/main/resources/logback.xml:
--------------------------------------------------------------------------------
1 |
2 | dependency-check
3 |
4 | System.out
5 |
6 | INFO
7 |
8 |
9 | [%level] %msg%n
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/cli/src/test/resources/checkSumTest.file:
--------------------------------------------------------------------------------
1 | this is a test file used to check the checksums.
--------------------------------------------------------------------------------
/core/NOTICE.txt:
--------------------------------------------------------------------------------
1 | dependency-check
2 |
3 | Copyright (c) 2012-2013 Jeremy Long. All Rights Reserved.
4 |
5 | The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
6 |
7 | This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
8 |
9 | This product includes software developed by Jquery.com (http://jquery.com/).
10 |
11 | This product includes software developed by Jonathan Hedley (jsoup.org)
12 |
13 | This software contains unmodified binary redistributions for H2 database engine (http://www.h2database.com/), which is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
14 | An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
15 |
16 | This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
17 |
18 | This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
--------------------------------------------------------------------------------
/core/README.md:
--------------------------------------------------------------------------------
1 | Dependency-Check-Core
2 | ================
3 |
4 | Dependency-Check-Core is the main engine used by all of the other modules to do the analysis and reporting.
5 |
6 | Copyright & License
7 | ------------
8 |
9 | Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
10 |
11 | Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://raw.githubusercontent.com/dependency-check/DependencyCheck/main/LICENSE.txt) file for the full license.
12 |
13 | Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt][notices] file for more information.
14 |
15 |
16 | [wiki]: https://github.com/dependency-check/DependencyCheck/wiki
17 | [notices]: https://github.com/dependency-check/DependencyCheck/blob/main/NOTICE.txt
18 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/agent/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * The agent package holds an agent API that can be used by other applications that have information about dependencies; but would
3 | * rather implement something in their code directly rather then spawn a process to run the entire dependency-check engine. This
4 | * basically provides programmatic access to running a scan.
5 | */
6 | package org.owasp.dependencycheck.agent;
7 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/analyzer/FileTypeAnalyzer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is part of dependency-check-core.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | */
18 | package org.owasp.dependencycheck.analyzer;
19 |
20 | import java.io.FileFilter;
21 |
22 | /**
23 | * An Analyzer that scans specific file types.
24 | *
25 | * @author Jeremy Long
26 | */
27 | public interface FileTypeAnalyzer extends Analyzer, FileFilter {
28 |
29 | }
30 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/analyzer/exception/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * A collection of exception classes used within the analyzers.
3 | */
4 | package org.owasp.dependencycheck.analyzer.exception;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/analyzer/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
3 | */
4 | package org.owasp.dependencycheck.analyzer;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/artifactory/ChecksumsImpl.java:
--------------------------------------------------------------------------------
1 | package org.owasp.dependencycheck.data.artifactory;
2 |
3 | /**
4 | * Copied from JFrog's artifactory client.
5 | *
6 | * @see
7 | * artifactory-client-java
8 | *
9 | * @author jbaruch
10 | * @since 29/07/12
11 | */
12 | public class ChecksumsImpl {
13 |
14 | private String md5;
15 | private String sha1;
16 | private String sha256;
17 |
18 | public String getMd5() {
19 | return md5;
20 | }
21 |
22 | public void setMd5(String md5) {
23 | this.md5 = md5;
24 | }
25 |
26 | public String getSha1() {
27 | return sha1;
28 | }
29 |
30 | public void setSha1(String sha1) {
31 | this.sha1 = sha1;
32 | }
33 |
34 | public String getSha256() {
35 | return sha256;
36 | }
37 |
38 | public void setSha256(String sha256) {
39 | this.sha256 = sha256;
40 | }
41 |
42 | }
43 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/artifactory/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | * Contains classes related to searching Artifactory Maven repository.
4 | *
5 | * These are used to abstractArtifactory searching away from OWASP Dependency Check so they can be reused elsewhere.
6 | *
7 | * Data classes copied from JFrog's artifactory client.
8 | *
9 | * @see artifactory-client-java
10 | */
11 | package org.owasp.dependencycheck.data.artifactory;
12 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/cache/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | * Implements a generic persisted cache that can be used to store results of external analysis between executions.
4 | *
5 | */
6 | package org.owasp.dependencycheck.data.cache;
7 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/central/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | * Contains classes related to searching Maven Central.
4 | *
5 | * These are used to abstract Maven Central searching away from OWASP Dependency Check so they can be reused elsewhere.
6 | */
7 | package org.owasp.dependencycheck.data.central;
8 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/composer/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Model elements for PHP Composer files
3 | */
4 | package org.owasp.dependencycheck.data.composer;
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/cpe/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes for working with the CPE Lucene Index.
3 | */
4 | package org.owasp.dependencycheck.data.cpe;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/cwe/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes for working with the CWE Database.
3 | */
4 | package org.owasp.dependencycheck.data.cwe;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/elixir/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes for working with various Elixir project data.
3 | */
4 | package org.owasp.dependencycheck.data.elixir;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/golang/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes for working with the Go Lang project data.
3 | */
4 | package org.owasp.dependencycheck.data.golang;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/lucene/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to work with the Lucene Indexes.
3 | */
4 | package org.owasp.dependencycheck.data.lucene;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/nexus/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes related to searching a Nexus repository.
3 | *
4 | * These are used to abstract Nexus searching away from OWASP Dependency Check so they can be reused elsewhere.
5 | */
6 | package org.owasp.dependencycheck.data.nexus;
7 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/nodeaudit/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | * Contains classes related to searching via Node Audit API.
4 | *
5 | * These are used to abstract Node Audit searching away from OWASP Dependency Check so they can be reused elsewhere.
6 | */
7 | package org.owasp.dependencycheck.data.nodeaudit;
8 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/nuget/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes related to parsing Nuget related files
3 | * These are used to abstract away Nuget-related handling from Dependency Check so they can be used elsewhere.
4 | */
5 | package org.owasp.dependencycheck.data.nuget;
6 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/nvd/ecosystem/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains utility classes used to identify the ecosystem for CPEs from the NVD.
3 | */
4 | package org.owasp.dependencycheck.data.nvd.ecosystem;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/nvdcve/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to work with the NVD CVE data.
3 | */
4 | package org.owasp.dependencycheck.data.nvdcve;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/ossindex/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Support for Sonatype OSS Index analysis.
3 | */
4 | package org.owasp.dependencycheck.data.ossindex;
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/update/cisa/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to parse the CISA Known Exploited Vulnerability Catalog.
3 | *
4 | */
5 | package org.owasp.dependencycheck.data.update.cisa;
6 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/update/cpe/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to parse the CPE XML file from NIST.
3 | *
4 | * These classes are not used as they add no value over the existing CPE data contained within the CVE data from the NVD. However,
5 | * we may consider pulling the more descriptive data from the CPE data in the future.
6 | */
7 | package org.owasp.dependencycheck.data.update.cpe;
8 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/update/exception/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | * A collection of exception classes used within the application.
4 | */
5 | package org.owasp.dependencycheck.data.update.exception;
6 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/update/nvd/api/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to download, parse, and load the NVD API CVE data from NIST into the local database.
3 | */
4 | package org.owasp.dependencycheck.data.update.nvd.api;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/data/update/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | *
3 | * Contains classes used to update the data stores.
4 | *
5 | * The UpdateService will load, any correctly defined CachedWebDataSource(s) and call update() on them. The Cached Data Source
6 | * must determine if it needs to be updated and if so perform the update. The sub packages contain classes used to perform the
7 | * actual updates.
8 | */
9 | package org.owasp.dependencycheck.data.update;
10 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/dependency/naming/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * A collection of identifiers for Dependency objects.
3 | */
4 | package org.owasp.dependencycheck.dependency.naming;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/dependency/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains the core Dependency implementation.
3 | */
4 | package org.owasp.dependencycheck.dependency;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/exception/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * A collection of exception classes used within the application.
3 | */
4 | package org.owasp.dependencycheck.exception;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Includes the main entry point for dependency-check.
3 | */
4 | package org.owasp.dependencycheck;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/processing/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Classes used to process the output of external tools.
3 | */
4 | package org.owasp.dependencycheck.processing;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/reporting/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to generate reports.
3 | */
4 | package org.owasp.dependencycheck.reporting;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/utils/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Includes various utility classes such as a Settings wrapper, a Checksum utility, etc.
3 | */
4 | package org.owasp.dependencycheck.utils;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/xml/assembly/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Support classes for parsing GrokAssembly output.
3 | */
4 | package org.owasp.dependencycheck.xml.assembly;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/xml/hints/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to parse the hints file to add evidence to dependencies.
3 | */
4 | package org.owasp.dependencycheck.xml.hints;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/xml/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to fix XML prior to parsing.
3 | */
4 | package org.owasp.dependencycheck.xml;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/xml/pom/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * This package contains classes used to parse pom.xml files.
3 | */
4 | package org.owasp.dependencycheck.xml.pom;
5 |
--------------------------------------------------------------------------------
/core/src/main/java/org/owasp/dependencycheck/xml/suppression/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Contains classes used to suppress findings.
3 | */
4 | package org.owasp.dependencycheck.xml.suppression;
5 |
--------------------------------------------------------------------------------
/core/src/main/resources/GrokAssembly.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/main/resources/GrokAssembly.zip
--------------------------------------------------------------------------------
/core/src/main/resources/META-INF/licenses/cve/license.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/main/resources/META-INF/licenses/cve/license.txt
--------------------------------------------------------------------------------
/core/src/main/resources/META-INF/licenses/cwe/license.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/main/resources/META-INF/licenses/cwe/license.txt
--------------------------------------------------------------------------------
/core/src/main/resources/META-INF/licenses/h2database/readme.txt:
--------------------------------------------------------------------------------
1 | The H2 database engine (http://www.h2database.com/) is dual licensed and available under a modified version of the MPL 1.1 (Mozilla Public License) or under the (unmodified) EPL 1.0 (Eclipse Public License).
2 | An original copy of the license agreement can be found at: http://www.h2database.com/html/license.html
--------------------------------------------------------------------------------
/core/src/main/resources/META-INF/services/org.owasp.dependencycheck.data.update.CachedWebDataSource:
--------------------------------------------------------------------------------
1 | org.owasp.dependencycheck.data.update.NvdApiDataSource
2 | org.owasp.dependencycheck.data.update.EngineVersionCheck
3 | org.owasp.dependencycheck.data.update.RetireJSDataSource
4 | org.owasp.dependencycheck.data.update.HostedSuppressionsDataSource
5 | org.owasp.dependencycheck.data.update.KnownExploitedDataSource
6 |
--------------------------------------------------------------------------------
/core/src/main/resources/data/cwe.hashmap.serialized:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/main/resources/data/cwe.hashmap.serialized
--------------------------------------------------------------------------------
/core/src/main/resources/data/dbEcosystemCacheUpdates.sql:
--------------------------------------------------------------------------------
1 | UPDATE cpeEcosystemCache set ecosystem='MULTIPLE' where vendor = 'apache' and product = 'hadoop' and ecosystem != 'MULTIPLE'
2 | UPDATE cpeEcosystemCache set ecosystem='MULTIPLE' where vendor = 'apache' and product = 'ranger' and ecosystem != 'MULTIPLE'
3 | UPDATE cpeEcosystemCache set ecosystem='NATIVE' where vendor = 'git' and product = 'git' and ecosystem != 'NATIVE'
4 | UPDATE cpeEcosystemCache set ecosystem='NATIVE' where vendor = 'python' and product = 'python' and ecosystem != 'NATIVE'
5 | UPDATE cpeEcosystemCache set ecosystem='NATIVE' where vendor = 'python_software_foundation' and product = 'python' and ecosystem != 'NATIVE'
6 | UPDATE cpeEcosystemCache set ecosystem='NATIVE' where vendor = 'python' and product = 'python' and ecosystem != 'NATIVE'
--------------------------------------------------------------------------------
/core/src/main/resources/data/dbStatements_mariadb.properties:
--------------------------------------------------------------------------------
1 | # Copyright 2015 OWASP.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | MERGE_PROPERTY=CALL save_property(?, ?);
16 | CLEANUP_ORPHANS=call cleanup_orphans();
17 | UPDATE_ECOSYSTEM=call update_ecosystems();
18 | UPDATE_ECOSYSTEM2=call update_ecosystems2();
19 | MERGE_CPE_ECOSYSTEM=call merge_ecosystem(?, ?, ?);
20 | MERGE_KNOWN_EXPLOITED=CALL merge_knownexploited(?,?,?,?,?,?,?,?,?);
--------------------------------------------------------------------------------
/core/src/main/resources/data/dbStatements_mysql.properties:
--------------------------------------------------------------------------------
1 | # Copyright 2015 OWASP.
2 | #
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 | #
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 | #
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | MERGE_PROPERTY=CALL save_property(?, ?);
16 | CLEANUP_ORPHANS=call cleanup_orphans();
17 | UPDATE_ECOSYSTEM=call update_ecosystems();
18 | UPDATE_ECOSYSTEM2=call update_ecosystems2();
19 | MERGE_CPE_ECOSYSTEM=call merge_ecosystem(?, ?, ?);
20 | MERGE_KNOWN_EXPLOITED=CALL merge_knownexploited(?,?,?,?,?,?,?,?,?);
21 |
--------------------------------------------------------------------------------
/core/src/main/resources/data/upgrade_5.3.sql:
--------------------------------------------------------------------------------
1 | CREATE TABLE knownExploited (cveID varchar(20) PRIMARY KEY,
2 | vendorProject VARCHAR(255),
3 | product VARCHAR(255),
4 | vulnerabilityName VARCHAR(500),
5 | dateAdded CHAR(10),
6 | shortDescription VARCHAR(2000),
7 | requiredAction VARCHAR(1000),
8 | dueDate CHAR(10),
9 | notes VARCHAR(2000));
10 |
11 | CREATE ALIAS merge_knownexploited FOR "org.owasp.dependencycheck.data.nvdcve.H2Functions.mergeKnownExploited";
12 |
13 | UPDATE Properties SET `value`='5.4' WHERE ID='version';
14 |
--------------------------------------------------------------------------------
/core/src/main/resources/schema/pom/generateBindings.bat:
--------------------------------------------------------------------------------
1 | if not "%JAVA_HOME%" == "" goto JAVA_HOME_DEFINED
2 |
3 | :NO_JAVA_HOME
4 | set XJC=xjc.exe
5 | goto LAUNCH
6 |
7 | :JAVA_HOME_DEFINED
8 | set XJC="%JAVA_HOME%\bin\xjc.exe"
9 | goto LAUNCH
10 |
11 | :LAUNCH
12 | %XJC% -extension -d ..\..\..\java -p "org.owasp.dependencycheck.jaxb.pom.generated" -mark-generated "maven-v4_0_0.xsd"
13 |
--------------------------------------------------------------------------------
/core/src/main/resources/schema/pom/generateBindings.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | if [ -n "$JAVA_HOME" ]
4 | then
5 | XJC="$JAVA_HOME/bin/xjc.exe"
6 | else
7 | XJC=xjc.exe
8 | fi
9 |
10 | exec "$XJC" -extension -d ../../../java -p "org.owasp.dependencycheck.jaxb.pom.generated" -mark-generated "maven-v4_0_0.xsd"
11 |
--------------------------------------------------------------------------------
/core/src/site/markdown/index.md:
--------------------------------------------------------------------------------
1 | About
2 | =====
3 | Dependency-check-core is the primary library that contains analyzers used to scan
4 | (java) application dependencies. The purpose of the analysis is to identify the
5 | library used and subsequently report on any CVE entries related to the library.
6 |
7 | The core engine can be extended by implementing new Analyzers; see the project
8 | [wiki](https://github.com/dependency-check/DependencyCheck/wiki/Making-a-new-Analyzer)
9 | for details.
10 |
11 | The engine is currently exposed via:
12 |
13 | - [Command Line Tool](../dependency-check-cli/index.html)
14 | - [Maven Plugin](../dependency-check-maven/index.html)
15 | - [Gradle Plugin](../dependency-check-gradle/index.html)
16 | - [Ant Task](../dependency-check-ant/index.html)
17 | - [Jenkins Plugin](../dependency-check-jenkins/index.html)
18 |
--------------------------------------------------------------------------------
/core/src/site/resources/images/readme.txt:
--------------------------------------------------------------------------------
1 | This JSON schema has been reduced so that the parser can directly skip data which is not in use.
2 |
3 | Se the src/main/doc folder for the originals.
--------------------------------------------------------------------------------
/core/src/test/java/org/owasp/dependencycheck/analyzer/NodeAuditAnalyzerTest.java:
--------------------------------------------------------------------------------
1 | package org.owasp.dependencycheck.analyzer;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.owasp.dependencycheck.BaseTest;
5 |
6 | import java.io.File;
7 |
8 | import static org.hamcrest.CoreMatchers.is;
9 | import static org.hamcrest.MatcherAssert.assertThat;
10 |
11 | class NodeAuditAnalyzerTest extends BaseTest {
12 |
13 | @Test
14 | void testGetName() {
15 | NodeAuditAnalyzer analyzer = new NodeAuditAnalyzer();
16 | assertThat(analyzer.getName(), is("Node Audit Analyzer"));
17 | }
18 |
19 | @Test
20 | void testSupportsFiles() {
21 | NodeAuditAnalyzer analyzer = new NodeAuditAnalyzer();
22 | assertThat(analyzer.accept(new File("package-lock.json")), is(true));
23 | assertThat(analyzer.accept(new File("npm-shrinkwrap.json")), is(true));
24 | assertThat(analyzer.accept(new File("yarn.lock")), is(false));
25 | assertThat(analyzer.accept(new File("package.json")), is(false));
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/core/src/test/java/org/owasp/dependencycheck/analyzer/YarnAuditAnalyzerTest.java:
--------------------------------------------------------------------------------
1 | package org.owasp.dependencycheck.analyzer;
2 |
3 | import org.junit.jupiter.api.Test;
4 | import org.owasp.dependencycheck.BaseTest;
5 |
6 | import java.io.File;
7 |
8 | import static org.hamcrest.CoreMatchers.is;
9 | import static org.hamcrest.MatcherAssert.assertThat;
10 |
11 | class YarnAuditAnalyzerTest extends BaseTest {
12 |
13 | @Test
14 | void testGetName() {
15 | YarnAuditAnalyzer analyzer = new YarnAuditAnalyzer();
16 | assertThat(analyzer.getName(), is("Yarn Audit Analyzer"));
17 | }
18 |
19 | @Test
20 | void testSupportsFiles() {
21 | YarnAuditAnalyzer analyzer = new YarnAuditAnalyzer();
22 | assertThat(analyzer.accept(new File("package-lock.json")), is(false));
23 | assertThat(analyzer.accept(new File("npm-shrinkwrap.json")), is(false));
24 | assertThat(analyzer.accept(new File("yarn.lock")), is(true));
25 | assertThat(analyzer.accept(new File("package.json")), is(false));
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/core/src/test/resources/._avro-ipc-1.5.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/._avro-ipc-1.5.0.jar
--------------------------------------------------------------------------------
/core/src/test/resources/FileHelpers.2.0.0.0.nupkg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/FileHelpers.2.0.0.0.nupkg
--------------------------------------------------------------------------------
/core/src/test/resources/archive/handle-a.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/archive/handle-a.jar
--------------------------------------------------------------------------------
/core/src/test/resources/archive/handle-b.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/archive/handle-b.jar
--------------------------------------------------------------------------------
/core/src/test/resources/assembly/sample-grok-error.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | Unable to process file
4 |
--------------------------------------------------------------------------------
/core/src/test/resources/assembly/sample-grok.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | OWASP Contributors
4 | GrokAssembly
5 | 3.0.0.0
6 | Inspects a .NET Assembly to determine Company, Product, and Version information
7 | GrokAssembly
8 | /Users/jeremy/Projects/GrokAssembly/GrokAssembly/bin/Release/netcoreapp2.0/GrokAssembly.dll
9 | 3.0.0.0
10 | GrokAssembly.exe
11 | GrokAssembly.exe
12 | GrokAssembly, Version=3.0.0.0, Culture=neutral, PublicKeyToken=null
13 |
14 | GrokAssembly
15 |
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/avro-ipc-1.5.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/avro-ipc-1.5.0.jar
--------------------------------------------------------------------------------
/core/src/test/resources/bootable-0.1.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/bootable-0.1.0.jar
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/README.md:
--------------------------------------------------------------------------------
1 | CMakeAnalyzer Test Resources README
2 | ===================================
3 |
4 | cmake-modules/
5 | --------------
6 |
7 | Origin: https://gitlab.kitware.com/cmake/cmake/-/tree/master/Modules
8 |
9 | opencv/
10 | -------
11 |
12 | Origin: https://github.com/Itseez/opencv/
13 |
14 | zlib/
15 | -----
16 |
17 | Origin: https://github.com/madler/zlib
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/3rdparty/ffmpeg/ffmpeg_version.cmake:
--------------------------------------------------------------------------------
1 | set(HAVE_FFMPEG 1)
2 | set(HAVE_FFMPEG_CODEC 1)
3 | set(HAVE_FFMPEG_FORMAT 1)
4 | set(HAVE_FFMPEG_UTIL 1)
5 | set(HAVE_FFMPEG_SWSCALE 1)
6 | set(HAVE_FFMPEG_RESAMPLE 0)
7 | set(HAVE_GENTOO_FFMPEG 1)
8 |
9 | set(ALIASOF_libavcodec_VERSION 55.18.102)
10 | set(ALIASOF_libavformat_VERSION 55.12.100)
11 | set(ALIASOF_libavutil_VERSION 52.38.100)
12 | set(ALIASOF_libswscale_VERSION 2.3.100)
13 | set(ALIASOF_libavresample_VERSION 1.0.1)
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/OpenCVDetectApacheAnt.cmake:
--------------------------------------------------------------------------------
1 | file(TO_CMAKE_PATH "$ENV{ANT_DIR}" ANT_DIR_ENV_PATH)
2 | file(TO_CMAKE_PATH "$ENV{ProgramFiles}" ProgramFiles_ENV_PATH)
3 |
4 | if(CMAKE_HOST_WIN32)
5 | set(ANT_NAME ant.bat)
6 | else()
7 | set(ANT_NAME ant)
8 | endif()
9 |
10 | find_host_program(ANT_EXECUTABLE NAMES ${ANT_NAME}
11 | PATHS "${ANT_DIR_ENV_PATH}/bin" "${ProgramFiles_ENV_PATH}/apache-ant/bin"
12 | NO_DEFAULT_PATH
13 | )
14 |
15 | find_host_program(ANT_EXECUTABLE NAMES ${ANT_NAME})
16 |
17 | if(ANT_EXECUTABLE)
18 | execute_process(COMMAND ${ANT_EXECUTABLE} -version
19 | RESULT_VARIABLE ANT_ERROR_LEVEL
20 | OUTPUT_VARIABLE ANT_VERSION_FULL
21 | OUTPUT_STRIP_TRAILING_WHITESPACE)
22 | if (ANT_ERROR_LEVEL)
23 | unset(ANT_EXECUTABLE)
24 | unset(ANT_EXECUTABLE CACHE)
25 | else()
26 | string(REGEX MATCH "[0-9]+.[0-9]+.[0-9]+" ANT_VERSION "${ANT_VERSION_FULL}")
27 | set(ANT_VERSION "${ANT_VERSION}" CACHE INTERNAL "Detected ant vesion")
28 |
29 | message(STATUS "Found apache ant ${ANT_VERSION}: ${ANT_EXECUTABLE}")
30 | endif()
31 | endif()
32 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/OpenCVDetectCStripes.cmake:
--------------------------------------------------------------------------------
1 | if(WIN32)
2 | find_path( CSTRIPES_LIB_DIR
3 | NAMES "С=.lib"
4 | DOC "The path to C= lib and dll")
5 | if(CSTRIPES_LIB_DIR)
6 | ocv_include_directories("${CSTRIPES_LIB_DIR}/..")
7 | link_directories("${CSTRIPES_LIB_DIR}")
8 | set(OPENCV_LINKER_LIBS ${OPENCV_LINKER_LIBS} "C=")
9 | set(HAVE_CSTRIPES 1)
10 | endif()
11 | endif()
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/OpenCVDetectDirectX.cmake:
--------------------------------------------------------------------------------
1 | if(WIN32)
2 | try_compile(__VALID_DIRECTX
3 | "${OpenCV_BINARY_DIR}"
4 | "${OpenCV_SOURCE_DIR}/cmake/checks/directx.cpp"
5 | OUTPUT_VARIABLE TRY_OUT
6 | )
7 | if(NOT __VALID_DIRECTX)
8 | return()
9 | endif()
10 | set(HAVE_DIRECTX ON)
11 | set(HAVE_D3D11 ON)
12 | set(HAVE_D3D10 ON)
13 | set(HAVE_D3D9 ON)
14 | endif()
15 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/OpenCVGenInfoPlist.cmake:
--------------------------------------------------------------------------------
1 | if(OPENCV_EXTRA_WORLD)
2 | set(OPENCV_APPLE_BUNDLE_NAME "OpenCV_contrib")
3 | set(OPENCV_APPLE_BUNDLE_ID "org.opencv_contrib")
4 | else()
5 | set(OPENCV_APPLE_BUNDLE_NAME "OpenCV")
6 | set(OPENCV_APPLE_BUNDLE_ID "org.opencv")
7 | endif()
8 |
9 | if(IOS)
10 | configure_file("${OpenCV_SOURCE_DIR}/platforms/ios/Info.plist.in"
11 | "${CMAKE_BINARY_DIR}/ios/Info.plist")
12 | elseif(APPLE)
13 | configure_file("${OpenCV_SOURCE_DIR}/platforms/osx/Info.plist.in"
14 | "${CMAKE_BINARY_DIR}/osx/Info.plist")
15 | endif()
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/OpenCVMinDepVersions.cmake:
--------------------------------------------------------------------------------
1 | set(MIN_VER_CMAKE 2.8.7)
2 | set(MIN_VER_CUDA 4.2)
3 | set(MIN_VER_PYTHON2 2.6)
4 | set(MIN_VER_PYTHON3 3.2)
5 | set(MIN_VER_ZLIB 1.2.3)
6 | set(MIN_VER_GTK 2.18.0)
7 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/checks/OpenCVDetectCudaArch.cu:
--------------------------------------------------------------------------------
1 | #include
2 | int main()
3 | {
4 | int count = 0;
5 | if (cudaSuccess != cudaGetDeviceCount(&count)){return -1;}
6 | if (count == 0) {return -1;}
7 | for (int device = 0; device < count; ++device)
8 | {
9 | cudaDeviceProp prop;
10 | if (cudaSuccess != cudaGetDeviceProperties(&prop, device)){ continue;}
11 | printf("%d.%d ", prop.major, prop.minor);
12 | }
13 | return 0;
14 | }
15 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/checks/opencl.cpp:
--------------------------------------------------------------------------------
1 | #if defined __APPLE__
2 | #include
3 | #else
4 | #include
5 | #endif
6 |
7 | #ifndef _MSC_VER
8 | #ifdef CL_VERSION_1_2
9 | #error OpenCL is valid
10 | #else
11 | #error OpenCL check failed
12 | #endif
13 | #else
14 | #ifdef CL_VERSION_1_2
15 | #pragma message ("OpenCL is valid")
16 | #else
17 | #pragma message ("OpenCL check failed")
18 | #endif
19 | #endif
20 |
21 | int main(int /*argc*/, char** /*argv*/)
22 | {
23 | return 0;
24 | }
25 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/checks/vfwtest.cpp:
--------------------------------------------------------------------------------
1 |
2 | #include
3 | #include
4 |
5 | int main()
6 | {
7 | AVIFileInit();
8 | AVIFileExit();
9 | return 0;
10 | }
11 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/checks/win32uitest.cpp:
--------------------------------------------------------------------------------
1 | #include
2 |
3 | int main(int argc, char** argv)
4 | {
5 | CreateWindow(NULL /*lpClassName*/, NULL /*lpWindowName*/, 0 /*dwStyle*/, 0 /*x*/,
6 | 0 /*y*/, 0 /*nWidth*/, 0 /*nHeight*/, NULL /*hWndParent*/, NULL /*hMenu*/,
7 | NULL /*hInstance*/, NULL /*lpParam*/);
8 | DeleteDC(NULL);
9 |
10 | return 0;
11 | }
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/copyAndroidLibs.cmake:
--------------------------------------------------------------------------------
1 | # helper file for Android samples build
2 |
3 | file(GLOB_RECURSE LIBS RELATIVE ${SRC_DIR} "*.so")
4 |
5 | foreach(l ${LIBS})
6 | message(STATUS " Copying: ${l} ...")
7 | execute_process(COMMAND ${CMAKE_COMMAND} -E copy_if_different ${SRC_DIR}/${l} ${DST_DIR}/${l})
8 | endforeach()
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/templates/OpenCVConfig-version.cmake.in:
--------------------------------------------------------------------------------
1 | set(OpenCV_VERSION @OPENCV_VERSION_PLAIN@)
2 | set(PACKAGE_VERSION ${OpenCV_VERSION})
3 |
4 | set(PACKAGE_VERSION_EXACT False)
5 | set(PACKAGE_VERSION_COMPATIBLE False)
6 |
7 | if(PACKAGE_FIND_VERSION VERSION_EQUAL PACKAGE_VERSION)
8 | set(PACKAGE_VERSION_EXACT True)
9 | set(PACKAGE_VERSION_COMPATIBLE True)
10 | endif()
11 |
12 | if(PACKAGE_FIND_VERSION VERSION_LESS PACKAGE_VERSION)
13 | set(PACKAGE_VERSION_COMPATIBLE True)
14 | endif()
15 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/templates/opencv-XXX.pc.in:
--------------------------------------------------------------------------------
1 | # Package Information for pkg-config
2 |
3 | prefix=@prefix@
4 | exec_prefix=@exec_prefix@
5 | libdir=@libdir@
6 | includedir_old=@includedir@/opencv
7 | includedir_new=@includedir@
8 |
9 | Name: OpenCV
10 | Description: Open Source Computer Vision Library
11 | Version: @OPENCV_VERSION_PLAIN@
12 | Libs: @OPENCV_PC_LIBS@
13 | Libs.private: @OPENCV_PC_LIBS_PRIVATE@
14 | Cflags: -I${includedir_old} -I${includedir_new}
15 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/templates/opencv_abi.xml.in:
--------------------------------------------------------------------------------
1 |
2 |
3 |
8 |
9 |
10 |
11 |
12 | @OPENCV_ABI_VERSION@
13 |
14 |
15 |
16 | @OPENCV_ABI_HEADERS@
17 |
18 |
19 |
20 | @OPENCV_ABI_LIBRARIES@
21 |
22 |
23 |
24 | opencv2/hal/intrin*
25 | opencv2/core/cuda*
26 | opencv2/core/private*
27 | opencv/cxeigen.hpp
28 | opencv2/core/eigen.hpp
29 | opencv2/flann/hdf5.h
30 | opencv2/imgcodecs/ios.h
31 | opencv2/videoio/cap_ios.h
32 | opencv2/ts.hpp
33 | opencv2/ts/*
34 | opencv2/xobjdetect/private.hpp
35 | @OPENCV_ABI_SKIP_HEADERS@
36 |
37 |
38 |
39 | @OPENCV_ABI_SKIP_LIBRARIES@
40 |
41 |
42 |
43 | @OPENCV_ABI_GCC_OPTIONS@
44 |
45 |
46 |
47 |
--------------------------------------------------------------------------------
/core/src/test/resources/cmake/opencv/cmake/templates/opencv_modules.hpp.in:
--------------------------------------------------------------------------------
1 | /*
2 | * ** File generated automatically, do not modify **
3 | *
4 | * This file defines the list of modules available in current build configuration
5 | *
6 | *
7 | */
8 |
9 | @OPENCV_MODULE_DEFINITIONS_CONFIGMAKE@
10 |
--------------------------------------------------------------------------------
/core/src/test/resources/commons-fileupload-1.2.1.suppression.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
7 | 384FAA82E193D4E4B0546059CA09572654BC3970
8 | cpe:/a:apache:commons_fileupload:1.2.1
9 |
10 |
11 |
14 | 384FAA82E193D4E4B0546059CA09572654BC3970
15 | CVE-2014-0050
16 |
17 |
--------------------------------------------------------------------------------
/core/src/test/resources/dart.addressbook/pubspec.yaml:
--------------------------------------------------------------------------------
1 | name: addressbook
2 | description: dartlang.org example code.
3 |
4 | dependencies:
5 | protobuf:
--------------------------------------------------------------------------------
/core/src/test/resources/dart/pubspec.lock:
--------------------------------------------------------------------------------
1 | # Generated by pub
2 | # See https://dart.dev/tools/pub/glossary#lockfile
3 | packages:
4 | _fe_analyzer_shared:
5 | dependency: transitive
6 | description:
7 | name: _fe_analyzer_shared
8 | url: "https://pub.dartlang.org"
9 | source: hosted
10 | version: "40.0.0"
11 | analyzer:
12 | dependency: transitive
13 | description:
14 | name: analyzer
15 | url: "https://pub.dartlang.org"
16 | source: hosted
17 | version: "4.1.0"
18 | build_runner:
19 | dependency: "direct dev"
20 | description:
21 | name: build_runner
22 | url: "https://pub.dartlang.org"
23 | source: hosted
24 | version: "2.1.11"
25 | collection:
26 | dependency: "direct main"
27 | description:
28 | name: collection
29 | url: "https://pub.dartlang.org"
30 | source: hosted
31 | version: "1.16.0"
32 | sdks:
33 | dart: ">=2.17.0 <3.0.0"
34 | flutter: ">=3.0.0"
35 |
--------------------------------------------------------------------------------
/core/src/test/resources/dwr.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/dwr.jar
--------------------------------------------------------------------------------
/core/src/test/resources/ecosystem/nodejs.ecosystem.txt:
--------------------------------------------------------------------------------
1 | The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.
2 | sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.
--------------------------------------------------------------------------------
/core/src/test/resources/ecosystem/null.ecosystem.txt:
--------------------------------------------------------------------------------
1 | The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
2 | TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
3 |
--------------------------------------------------------------------------------
/core/src/test/resources/ecosystem/perl.ecosystem.txt:
--------------------------------------------------------------------------------
1 | debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
2 | The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.
--------------------------------------------------------------------------------
/core/src/test/resources/ecosystem/python.ecosystem.txt:
--------------------------------------------------------------------------------
1 | libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat.
2 | The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.
--------------------------------------------------------------------------------
/core/src/test/resources/ecosystem/ruby.ecosystem.txt:
--------------------------------------------------------------------------------
1 | The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
2 | lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.
--------------------------------------------------------------------------------
/core/src/test/resources/elixir/invalid_executable:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/elixir/invalid_executable
--------------------------------------------------------------------------------
/core/src/test/resources/elixir/mix.lock:
--------------------------------------------------------------------------------
1 | %{
2 | "accept": {:hex, :accept, "0.3.5", "b33b127abca7cc948bbe6caa4c263369abf1347cfa9d8e699c6d214660f10cd1", [:rebar3], [], "hexpm"},
3 | "certifi": {:hex, :certifi, "2.5.1", "867ce347f7c7d78563450a18a6a28a8090331e77fa02380b4a21962a65d36ee5", [:rebar3], [{:parse_trans, "~>3.3", [hex: :parse_trans, repo: "hexpm", optional: false]}], "hexpm"},
4 | "combine": {:hex, :combine, "0.10.0", "eff8224eeb56498a2af13011d142c5e7997a80c8f5b97c499f84c841032e429f", [:mix], [], "hexpm"},
5 | "tzdata": {:hex, :tzdata, "0.5.20", "304b9e98a02840fb32a43ec111ffbe517863c8566eb04a061f1c4dbb90b4d84c", [:mix], [{:hackney, "~> 1.0", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"},
6 | "unicode_util_compat": {:hex, :unicode_util_compat, "0.4.1", "d869e4c68901dd9531385bb0c8c40444ebf624e60b6962d95952775cac5e90cd", [:rebar3], [], "hexpm"},
7 | }
8 |
--------------------------------------------------------------------------------
/core/src/test/resources/elixir/mix_audit/empty.json:
--------------------------------------------------------------------------------
1 | {"pass":true,"vulnerabilities":[]}
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/elixir/mix_audit/plug.json:
--------------------------------------------------------------------------------
1 | {
2 | "pass": false,
3 | "vulnerabilities": [
4 | {
5 | "advisory": {
6 | "cve": "2018-1000883",
7 | "description": "Cookie headers were not validated\n",
8 | "disclosure_date": "2017-04-17",
9 | "id": "dc96aba4-4462-4d3b-b73f-28b9349133d8",
10 | "package": "plug",
11 | "patched_versions": [
12 | ">= 1.3.5",
13 | "~> 1.2.5",
14 | "~> 1.1.9",
15 | "~> 1.0.6"
16 | ],
17 | "title": "Header Injection\n",
18 | "unaffected_versions": [],
19 | "url": "https://github.com/elixir-plug/plug/commit/8857f8ab4acf9b9c22e80480dae2636692f5f573"
20 | },
21 | "dependency": {
22 | "lockfile": "/DependencyCheck/core/src/test/resources/elixir/vulnerable/mix.lock",
23 | "package": "plug",
24 | "version": "1.3.4"
25 | }
26 | }
27 | ]
28 | }
29 |
--------------------------------------------------------------------------------
/core/src/test/resources/elixir/vulnerable/mix.lock:
--------------------------------------------------------------------------------
1 | %{
2 | "plug": {:hex, :plug, "1.3.4", "0933e4d9f12652b12115d5709c0293a1bf78a22578032e9ad0dad4efee6b9eb1", [:mix], [{:dataloader, "~> 1.0.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "076b8bd9552f4966ba1242f412f6c439b731169a36a0ddaaffcd3893828f5bf6"},
3 | }
4 |
5 |
--------------------------------------------------------------------------------
/core/src/test/resources/evil.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/evil.zip
--------------------------------------------------------------------------------
/core/src/test/resources/file.tar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/file.tar
--------------------------------------------------------------------------------
/core/src/test/resources/file.tar.bz2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/file.tar.bz2
--------------------------------------------------------------------------------
/core/src/test/resources/file.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/file.tar.gz
--------------------------------------------------------------------------------
/core/src/test/resources/file.tbz2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/file.tbz2
--------------------------------------------------------------------------------
/core/src/test/resources/file.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/file.tgz
--------------------------------------------------------------------------------
/core/src/test/resources/golang/Gopkg.toml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/golang/Gopkg.toml
--------------------------------------------------------------------------------
/core/src/test/resources/golang/go.mod:
--------------------------------------------------------------------------------
1 | module my/thing
2 |
3 | require github.com/ethereum/go-ethereum v1.8.17
4 |
5 | require (
6 | github.com/go-gitea/gitea v1.5.0
7 | golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a // indirect
8 | )
9 |
10 | replace bad/thing v1.4.5 => good/thing v1.4.5
11 |
--------------------------------------------------------------------------------
/core/src/test/resources/golang/go.sum:
--------------------------------------------------------------------------------
1 | github.com/ethereum/go-ethereum v1.8.17/go.mod h1:PwpWDrCLZrV+tfrhqqF6kPknbISMHaJv9Ln3kPCZLwY=
2 | github.com/go-gitea/gitea v1.5.0/go.mod h1:g8iUbfFNyuJp8u7GsSggxI8NQyuxeGTyqxogl3imbQM=
3 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
4 | golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
5 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
6 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
7 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
8 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/hibernate3.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/hibernate3.jar
--------------------------------------------------------------------------------
/core/src/test/resources/incorrectSuppressions.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
7 | ^jetty:org\.mortbay\.jetty:.*$
8 | cpe:/a:mortbay_jetty:jetty
9 |
10 |
11 |
14 | ^org\.apache\.struts:struts2-core:.*$
15 | CVE-2008-6504
16 |
17 |
--------------------------------------------------------------------------------
/core/src/test/resources/javascript/custom.js:
--------------------------------------------------------------------------------
1 | /**
2 | * Custom JS.
3 | */
4 | alert('Hello World');
5 |
--------------------------------------------------------------------------------
/core/src/test/resources/log4net.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/log4net.dll
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Shared Packages
5 | Copyright © 2020
6 |
7 |
8 |
9 | 3.0.0
10 | 5.0.0
11 |
12 |
13 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectA/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | 1.0.0
8 |
9 |
10 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectA/ProjectA.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectB/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | 2.0.0
7 |
8 |
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectB/ProjectB.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectC/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | 3.0.0
7 |
8 |
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectC/ProjectC.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectD/Directory.Build.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 | 4.0.0
7 |
8 |
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectD/ProjectD.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectD/Version.props:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | 4.0.0
5 |
6 |
7 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectE/ProjectE.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectF/Directory.Packages.props:
--------------------------------------------------------------------------------
1 |
2 |
3 | true
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/ProjectF/ProjectF.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/msbuild/test.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net471
5 |
6 |
7 |
8 |
9 |
10 |
11 | 11.1.0
12 |
13 |
14 |
15 | 6.0.0
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
--------------------------------------------------------------------------------
/core/src/test/resources/mysql-connector-java-5.1.27-bin.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/mysql-connector-java-5.1.27-bin.jar
--------------------------------------------------------------------------------
/core/src/test/resources/nodeaudit/empty.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/nodeaudit/empty.json
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/fake_submodule/node_modules/isarray/.npmignore:
--------------------------------------------------------------------------------
1 | node_modules
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/fake_submodule/node_modules/isarray/component.json:
--------------------------------------------------------------------------------
1 | {
2 | "name" : "isarray",
3 | "description" : "Array#isArray for older browsers",
4 | "version" : "0.0.1",
5 | "repository" : "juliangruber/isarray",
6 | "homepage": "https://github.com/juliangruber/isarray",
7 | "main" : "index.js",
8 | "scripts" : [
9 | "index.js"
10 | ],
11 | "dependencies" : {},
12 | "keywords": ["browser","isarray","array"],
13 | "author": {
14 | "name": "Julian Gruber",
15 | "email": "mail@juliangruber.com",
16 | "url": "http://juliangruber.com"
17 | },
18 | "license": "MIT"
19 | }
20 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/fake_submodule/node_modules/preserve/.npmignore:
--------------------------------------------------------------------------------
1 | # Numerous always-ignore extensions
2 | *.csv
3 | *.dat
4 | *.diff
5 | *.err
6 | *.gz
7 | *.log
8 | *.orig
9 | *.out
10 | *.pid
11 | *.rar
12 | *.rej
13 | *.seed
14 | *.swo
15 | *.swp
16 | *.vi
17 | *.yo-rc.json
18 | *.zip
19 | *~
20 | .ruby-version
21 | lib-cov
22 | npm-debug.log
23 |
24 | # Always-ignore dirs
25 | /bower_components/
26 | /node_modules/
27 | /temp/
28 | /tmp/
29 | /vendor/
30 | _gh_pages
31 |
32 | # OS or Editor folders
33 | *.esproj
34 | *.komodoproject
35 | .komodotools
36 | *.sublime-*
37 | ._*
38 | .cache
39 | .DS_Store
40 | .idea
41 | .project
42 | .settings
43 | .tmproj
44 | nbproject
45 | Thumbs.db
46 |
47 | # grunt-html-validation
48 | validation-status.json
49 | validation-report.json
50 |
51 | # misc
52 | TODO.md
53 | benchmark
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/fake_submodule/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "fake_submodule",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1"
8 | },
9 | "keywords": [],
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "braces": "^1.8.5"
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/local_package/mypackage/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "mypackage",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1"
8 | },
9 | "keywords": [],
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/local_package/node_modules/.package-lock.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "local_package",
3 | "version": "1.0.0",
4 | "lockfileVersion": 2,
5 | "requires": true,
6 | "packages": {
7 | "mypackage": {
8 | "version": "1.0.0",
9 | "license": "ISC"
10 | },
11 | "node_modules/mypackage": {
12 | "resolved": "mypackage",
13 | "link": true
14 | }
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/local_package/node_modules/mypackage:
--------------------------------------------------------------------------------
1 | ../mypackage
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/local_package/package-lock.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "local_package",
3 | "version": "1.0.0",
4 | "lockfileVersion": 2,
5 | "requires": true,
6 | "packages": {
7 | "": {
8 | "name": "local_package",
9 | "version": "1.0.0",
10 | "license": "ISC",
11 | "dependencies": {
12 | "mypackage": "file:./mypackage"
13 | }
14 | },
15 | "mypackage": {
16 | "version": "1.0.0",
17 | "license": "ISC"
18 | },
19 | "node_modules/mypackage": {
20 | "resolved": "mypackage",
21 | "link": true
22 | }
23 | },
24 | "dependencies": {
25 | "mypackage": {
26 | "version": "file:mypackage"
27 | }
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/local_package/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "local_package",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1"
8 | },
9 | "keywords": [],
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "mypackage": "file:./mypackage"
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/no_lock/node_modules/isarray/.npmignore:
--------------------------------------------------------------------------------
1 | node_modules
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/no_lock/node_modules/isarray/component.json:
--------------------------------------------------------------------------------
1 | {
2 | "name" : "isarray",
3 | "description" : "Array#isArray for older browsers",
4 | "version" : "0.0.1",
5 | "repository" : "juliangruber/isarray",
6 | "homepage": "https://github.com/juliangruber/isarray",
7 | "main" : "index.js",
8 | "scripts" : [
9 | "index.js"
10 | ],
11 | "dependencies" : {},
12 | "keywords": ["browser","isarray","array"],
13 | "author": {
14 | "name": "Julian Gruber",
15 | "email": "mail@juliangruber.com",
16 | "url": "http://juliangruber.com"
17 | },
18 | "license": "MIT"
19 | }
20 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/no_lock/node_modules/preserve/.npmignore:
--------------------------------------------------------------------------------
1 | # Numerous always-ignore extensions
2 | *.csv
3 | *.dat
4 | *.diff
5 | *.err
6 | *.gz
7 | *.log
8 | *.orig
9 | *.out
10 | *.pid
11 | *.rar
12 | *.rej
13 | *.seed
14 | *.swo
15 | *.swp
16 | *.vi
17 | *.yo-rc.json
18 | *.zip
19 | *~
20 | .ruby-version
21 | lib-cov
22 | npm-debug.log
23 |
24 | # Always-ignore dirs
25 | /bower_components/
26 | /node_modules/
27 | /temp/
28 | /tmp/
29 | /vendor/
30 | _gh_pages
31 |
32 | # OS or Editor folders
33 | *.esproj
34 | *.komodoproject
35 | .komodotools
36 | *.sublime-*
37 | ._*
38 | .cache
39 | .DS_Store
40 | .idea
41 | .project
42 | .settings
43 | .tmproj
44 | nbproject
45 | Thumbs.db
46 |
47 | # grunt-html-validation
48 | validation-status.json
49 | validation-report.json
50 |
51 | # misc
52 | TODO.md
53 | benchmark
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/no_lock/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "noLock",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1"
8 | },
9 | "keywords": [],
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "braces": "1.8.5"
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/debug/.coveralls.yml:
--------------------------------------------------------------------------------
1 | repo_token: SIAeZjKYlHK74rbcFvNHMUzjRiMpflxve
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/debug/.eslintrc:
--------------------------------------------------------------------------------
1 | {
2 | "env": {
3 | "browser": true,
4 | "node": true
5 | },
6 | "rules": {
7 | "no-console": 0,
8 | "no-empty": [1, { "allowEmptyCatch": true }]
9 | },
10 | "extends": "eslint:recommended"
11 | }
12 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/debug/.npmignore:
--------------------------------------------------------------------------------
1 | support
2 | test
3 | examples
4 | example
5 | *.sock
6 | dist
7 | yarn.lock
8 | coverage
9 | bower.json
10 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/debug/component.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "debug",
3 | "repo": "visionmedia/debug",
4 | "description": "small debugging utility",
5 | "version": "2.6.9",
6 | "keywords": [
7 | "debug",
8 | "log",
9 | "debugger"
10 | ],
11 | "main": "src/browser.js",
12 | "scripts": [
13 | "src/browser.js",
14 | "src/debug.js"
15 | ],
16 | "dependencies": {
17 | "rauchg/ms.js": "0.7.1"
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/dns-sync/.npmignore:
--------------------------------------------------------------------------------
1 | lib-cov
2 | *.seed
3 | *.log
4 | *.csv
5 | *.dat
6 | *.out
7 | *.pid
8 | *.gz
9 |
10 | pids
11 | logs
12 | results
13 |
14 | npm-debug.log
15 | node_modules
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/dns-sync/benchmarks/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "dns-sync-perf",
3 | "description": "dns-sync",
4 | "version": "0.0.1",
5 | "devDependencies": {
6 | "benchmark" : "^1.0.0",
7 | "microtime": "^1.2.0"
8 | },
9 | "scripts": {
10 | "test": "node perf.js"
11 | }
12 | }
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/dns-sync/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "dns-sync",
3 | "version": "0.1.3",
4 | "description": "dns-sync",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "make test"
8 | },
9 | "homepage": "https://github.com/skoranga/node-dns-sync",
10 | "repository": {
11 | "type": "git",
12 | "url": "git@github.com:skoranga/node-dns-sync.git"
13 | },
14 | "keywords": [
15 | "dns sync",
16 | "server startup",
17 | "nodejs"
18 | ],
19 | "author": "Sanjeev Koranga",
20 | "license": "MIT",
21 | "readmeFilename": "README.md",
22 | "dependencies": {
23 | "debug" : "^2",
24 | "shelljs": "~0.5"
25 | },
26 | "devDependencies": {
27 | "mocha" : "^2",
28 | "jshint" : "^2"
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/fake_submodule/node_modules/isarray/.npmignore:
--------------------------------------------------------------------------------
1 | node_modules
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/fake_submodule/node_modules/isarray/component.json:
--------------------------------------------------------------------------------
1 | {
2 | "name" : "isarray",
3 | "description" : "Array#isArray for older browsers",
4 | "version" : "0.0.1",
5 | "repository" : "juliangruber/isarray",
6 | "homepage": "https://github.com/juliangruber/isarray",
7 | "main" : "index.js",
8 | "scripts" : [
9 | "index.js"
10 | ],
11 | "dependencies" : {},
12 | "keywords": ["browser","isarray","array"],
13 | "author": {
14 | "name": "Julian Gruber",
15 | "email": "mail@juliangruber.com",
16 | "url": "http://juliangruber.com"
17 | },
18 | "license": "MIT"
19 | }
20 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/fake_submodule/node_modules/preserve/.npmignore:
--------------------------------------------------------------------------------
1 | # Numerous always-ignore extensions
2 | *.csv
3 | *.dat
4 | *.diff
5 | *.err
6 | *.gz
7 | *.log
8 | *.orig
9 | *.out
10 | *.pid
11 | *.rar
12 | *.rej
13 | *.seed
14 | *.swo
15 | *.swp
16 | *.vi
17 | *.yo-rc.json
18 | *.zip
19 | *~
20 | .ruby-version
21 | lib-cov
22 | npm-debug.log
23 |
24 | # Always-ignore dirs
25 | /bower_components/
26 | /node_modules/
27 | /temp/
28 | /tmp/
29 | /vendor/
30 | _gh_pages
31 |
32 | # OS or Editor folders
33 | *.esproj
34 | *.komodoproject
35 | .komodotools
36 | *.sublime-*
37 | ._*
38 | .cache
39 | .DS_Store
40 | .idea
41 | .project
42 | .settings
43 | .tmproj
44 | nbproject
45 | Thumbs.db
46 |
47 | # grunt-html-validation
48 | validation-status.json
49 | validation-report.json
50 |
51 | # misc
52 | TODO.md
53 | benchmark
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/fake_submodule/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "fake_submodule",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1"
8 | },
9 | "keywords": [],
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "braces": "^1.8.5"
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/isarray/.npmignore:
--------------------------------------------------------------------------------
1 | node_modules
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/isarray/component.json:
--------------------------------------------------------------------------------
1 | {
2 | "name" : "isarray",
3 | "description" : "Array#isArray for older browsers",
4 | "version" : "0.0.1",
5 | "repository" : "juliangruber/isarray",
6 | "homepage": "https://github.com/juliangruber/isarray",
7 | "main" : "index.js",
8 | "scripts" : [
9 | "index.js"
10 | ],
11 | "dependencies" : {},
12 | "keywords": ["browser","isarray","array"],
13 | "author": {
14 | "name": "Julian Gruber",
15 | "email": "mail@juliangruber.com",
16 | "url": "http://juliangruber.com"
17 | },
18 | "license": "MIT"
19 | }
20 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/js-tokens/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "js-tokens",
3 | "version": "4.0.0",
4 | "author": "Simon Lydell",
5 | "license": "MIT",
6 | "description": "A regex that tokenizes JavaScript.",
7 | "keywords": [
8 | "JavaScript",
9 | "js",
10 | "token",
11 | "tokenize",
12 | "regex"
13 | ],
14 | "files": [
15 | "index.js"
16 | ],
17 | "repository": "lydell/js-tokens",
18 | "scripts": {
19 | "test": "mocha --ui tdd",
20 | "esprima-compare": "node esprima-compare ./index.js everything.js/es5.js",
21 | "build": "node generate-index.js",
22 | "dev": "npm run build && npm test"
23 | },
24 | "devDependencies": {
25 | "coffeescript": "2.1.1",
26 | "esprima": "4.0.0",
27 | "everything.js": "1.0.3",
28 | "mocha": "5.0.0"
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/loose-envify/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "loose-envify",
3 | "version": "1.4.0",
4 | "description": "Fast (and loose) selective `process.env` replacer using js-tokens instead of an AST",
5 | "keywords": [
6 | "environment",
7 | "variables",
8 | "browserify",
9 | "browserify-transform",
10 | "transform",
11 | "source",
12 | "configuration"
13 | ],
14 | "homepage": "https://github.com/zertosh/loose-envify",
15 | "license": "MIT",
16 | "author": "Andres Suarez ",
17 | "main": "index.js",
18 | "bin": {
19 | "loose-envify": "cli.js"
20 | },
21 | "repository": {
22 | "type": "git",
23 | "url": "git://github.com/zertosh/loose-envify.git"
24 | },
25 | "scripts": {
26 | "test": "tap test/*.js"
27 | },
28 | "dependencies": {
29 | "js-tokens": "^3.0.0 || ^4.0.0"
30 | },
31 | "devDependencies": {
32 | "browserify": "^13.1.1",
33 | "envify": "^3.4.0",
34 | "tap": "^8.0.0"
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/math-random/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "math-random",
3 | "author": "Michael Rhodes",
4 | "version": "1.0.4",
5 | "main": "node.js",
6 | "browser": "browser.js",
7 | "repository": "github:michaelrhodes/math-random",
8 | "license": "MIT",
9 | "scripts": {
10 | "test": "dexy test.js"
11 | },
12 | "devDependencies": {
13 | "array-unique": "~0.2.1",
14 | "dexy": "github:michaelrhodes/dexy#1.0.1"
15 | }
16 | }
17 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/ms/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "ms",
3 | "version": "2.0.0",
4 | "description": "Tiny milisecond conversion utility",
5 | "repository": "zeit/ms",
6 | "main": "./index",
7 | "files": [
8 | "index.js"
9 | ],
10 | "scripts": {
11 | "precommit": "lint-staged",
12 | "lint": "eslint lib/* bin/*",
13 | "test": "mocha tests.js"
14 | },
15 | "eslintConfig": {
16 | "extends": "eslint:recommended",
17 | "env": {
18 | "node": true,
19 | "es6": true
20 | }
21 | },
22 | "lint-staged": {
23 | "*.js": [
24 | "npm run lint",
25 | "prettier --single-quote --write",
26 | "git add"
27 | ]
28 | },
29 | "license": "MIT",
30 | "devDependencies": {
31 | "eslint": "3.19.0",
32 | "expect.js": "0.3.1",
33 | "husky": "0.13.3",
34 | "lint-staged": "3.4.1",
35 | "mocha": "3.4.1"
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/object-assign/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "object-assign",
3 | "version": "4.1.1",
4 | "description": "ES2015 `Object.assign()` ponyfill",
5 | "license": "MIT",
6 | "repository": "sindresorhus/object-assign",
7 | "author": {
8 | "name": "Sindre Sorhus",
9 | "email": "sindresorhus@gmail.com",
10 | "url": "sindresorhus.com"
11 | },
12 | "engines": {
13 | "node": ">=0.10.0"
14 | },
15 | "scripts": {
16 | "test": "xo && ava",
17 | "bench": "matcha bench.js"
18 | },
19 | "files": [
20 | "index.js"
21 | ],
22 | "keywords": [
23 | "object",
24 | "assign",
25 | "extend",
26 | "properties",
27 | "es2015",
28 | "ecmascript",
29 | "harmony",
30 | "ponyfill",
31 | "prollyfill",
32 | "polyfill",
33 | "shim",
34 | "browser"
35 | ],
36 | "devDependencies": {
37 | "ava": "^0.16.0",
38 | "lodash": "^4.16.4",
39 | "matcha": "^0.7.0",
40 | "xo": "^0.16.0"
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/pause-stream/.npmignore:
--------------------------------------------------------------------------------
1 | node_modules
2 | node_modules/*
3 | npm_debug.log
4 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/pause-stream/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "pause-stream",
3 | "version": "0.0.11",
4 | "description": "a ThroughStream that strictly buffers all readable events when paused.",
5 | "main": "index.js",
6 | "directories": {
7 | "test": "test"
8 | },
9 | "devDependencies": {
10 | "stream-tester": "0.0.2",
11 | "stream-spec": "~0.2.0"
12 | },
13 | "scripts": {
14 | "test": "node test/index.js && node test/pause-end.js"
15 | },
16 | "repository": {
17 | "type": "git",
18 | "url": "git://github.com/dominictarr/pause-stream.git"
19 | },
20 | "keywords": [
21 | "stream",
22 | "pipe",
23 | "pause",
24 | "drain",
25 | "buffer"
26 | ],
27 | "author": "Dominic Tarr (dominictarr.com)",
28 | "license": [
29 | "MIT",
30 | "Apache2"
31 | ],
32 | "dependencies": {
33 | "through": "~2.3"
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/preserve/.npmignore:
--------------------------------------------------------------------------------
1 | # Numerous always-ignore extensions
2 | *.csv
3 | *.dat
4 | *.diff
5 | *.err
6 | *.gz
7 | *.log
8 | *.orig
9 | *.out
10 | *.pid
11 | *.rar
12 | *.rej
13 | *.seed
14 | *.swo
15 | *.swp
16 | *.vi
17 | *.yo-rc.json
18 | *.zip
19 | *~
20 | .ruby-version
21 | lib-cov
22 | npm-debug.log
23 |
24 | # Always-ignore dirs
25 | /bower_components/
26 | /node_modules/
27 | /temp/
28 | /tmp/
29 | /vendor/
30 | _gh_pages
31 |
32 | # OS or Editor folders
33 | *.esproj
34 | *.komodoproject
35 | .komodotools
36 | *.sublime-*
37 | ._*
38 | .cache
39 | .DS_Store
40 | .idea
41 | .project
42 | .settings
43 | .tmproj
44 | nbproject
45 | Thumbs.db
46 |
47 | # grunt-html-validation
48 | validation-status.json
49 | validation-report.json
50 |
51 | # misc
52 | TODO.md
53 | benchmark
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/react-dom/build-info.json:
--------------------------------------------------------------------------------
1 | {
2 | "branch": "master",
3 | "buildNumber": "91354",
4 | "checksum": "b0ed8f5",
5 | "commit": "d28bd2994",
6 | "environment": "ci",
7 | "reactVersion": "16.12.0-d28bd2994"
8 | }
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/react-is/build-info.json:
--------------------------------------------------------------------------------
1 | {
2 | "branch": "pull/18344",
3 | "buildNumber": "106499",
4 | "checksum": "7fe5a2e",
5 | "commit": "da834083c",
6 | "environment": "ci",
7 | "reactVersion": "16.12.0-da834083c"
8 | }
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/react-is/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "react-is",
3 | "version": "16.13.1",
4 | "description": "Brand checking of React Elements.",
5 | "main": "index.js",
6 | "repository": {
7 | "type": "git",
8 | "url": "https://github.com/facebook/react.git",
9 | "directory": "packages/react-is"
10 | },
11 | "keywords": [
12 | "react"
13 | ],
14 | "license": "MIT",
15 | "bugs": {
16 | "url": "https://github.com/facebook/react/issues"
17 | },
18 | "homepage": "https://reactjs.org/",
19 | "files": [
20 | "LICENSE",
21 | "README.md",
22 | "build-info.json",
23 | "index.js",
24 | "cjs/",
25 | "umd/"
26 | ]
27 | }
28 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/scheduler/build-info.json:
--------------------------------------------------------------------------------
1 | {
2 | "branch": "pull/18344",
3 | "buildNumber": "106499",
4 | "checksum": "7fe5a2e",
5 | "commit": "da834083c",
6 | "environment": "ci",
7 | "reactVersion": "16.12.0-da834083c"
8 | }
9 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/scheduler/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "scheduler",
3 | "version": "0.19.1",
4 | "description": "Cooperative scheduler for the browser environment.",
5 | "main": "index.js",
6 | "repository": {
7 | "type": "git",
8 | "url": "https://github.com/facebook/react.git",
9 | "directory": "packages/scheduler"
10 | },
11 | "license": "MIT",
12 | "keywords": [
13 | "react"
14 | ],
15 | "bugs": {
16 | "url": "https://github.com/facebook/react/issues"
17 | },
18 | "homepage": "https://reactjs.org/",
19 | "dependencies": {
20 | "loose-envify": "^1.1.0",
21 | "object-assign": "^4.1.1"
22 | },
23 | "files": [
24 | "LICENSE",
25 | "README.md",
26 | "build-info.json",
27 | "index.js",
28 | "tracing.js",
29 | "tracing-profiling.js",
30 | "unstable_mock.js",
31 | "cjs/",
32 | "umd/"
33 | ],
34 | "browserify": {
35 | "transform": [
36 | "loose-envify"
37 | ]
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/shelljs/.documentup.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "ShellJS",
3 | "twitter": [
4 | "r2r"
5 | ]
6 | }
7 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/shelljs/.npmignore:
--------------------------------------------------------------------------------
1 | test/
2 | tmp/
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/shelljs/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "shelljs",
3 | "version": "0.5.3",
4 | "author": "Artur Adib ",
5 | "description": "Portable Unix shell commands for Node.js",
6 | "keywords": [
7 | "unix",
8 | "shell",
9 | "makefile",
10 | "make",
11 | "jake",
12 | "synchronous"
13 | ],
14 | "repository": {
15 | "type": "git",
16 | "url": "git://github.com/arturadib/shelljs.git"
17 | },
18 | "license": "BSD*",
19 | "homepage": "http://github.com/arturadib/shelljs",
20 | "main": "./shell.js",
21 | "scripts": {
22 | "test": "node scripts/run-tests"
23 | },
24 | "bin": {
25 | "shjs": "./bin/shjs"
26 | },
27 | "dependencies": {},
28 | "devDependencies": {
29 | "jshint": "~2.1.11"
30 | },
31 | "optionalDependencies": {},
32 | "engines": {
33 | "node": ">=0.8.0"
34 | }
35 | }
36 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/through/LICENSE.APACHE2:
--------------------------------------------------------------------------------
1 | Apache License, Version 2.0
2 |
3 | Copyright (c) 2011 Dominic Tarr
4 |
5 | Licensed under the Apache License, Version 2.0 (the "License");
6 | you may not use this file except in compliance with the License.
7 | You may obtain a copy of the License at
8 |
9 | http://www.apache.org/licenses/LICENSE-2.0
10 |
11 | Unless required by applicable law or agreed to in writing, software
12 | distributed under the License is distributed on an "AS IS" BASIS,
13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | See the License for the specific language governing permissions and
15 | limitations under the License.
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/node_modules/through/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "through",
3 | "version": "2.3.8",
4 | "description": "simplified stream construction",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "set -e; for t in test/*.js; do node $t; done"
8 | },
9 | "devDependencies": {
10 | "stream-spec": "~0.3.5",
11 | "tape": "~2.3.2",
12 | "from": "~0.1.3"
13 | },
14 | "keywords": [
15 | "stream",
16 | "streams",
17 | "user-streams",
18 | "pipe"
19 | ],
20 | "author": "Dominic Tarr (dominictarr.com)",
21 | "license": "MIT",
22 | "repository": {
23 | "type": "git",
24 | "url": "https://github.com/dominictarr/through.git"
25 | },
26 | "homepage": "https://github.com/dominictarr/through",
27 | "testling": {
28 | "browsers": [
29 | "ie/8..latest",
30 | "ff/15..latest",
31 | "chrome/20..latest",
32 | "safari/5.1..latest"
33 | ],
34 | "files": "test/*.js"
35 | }
36 | }
37 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "test",
3 | "version": "0.0.1",
4 | "lockfileVersion": 1,
5 | "requires": true,
6 | "dependencies": {
7 | "braces": "1.8.5",
8 | "dns-sync": "^0.1.3",
9 | "fake_submodule": "file:fake_submodule",
10 | "lighter-run": "^1.2.1",
11 | "pause-stream": "0.0.11",
12 | "react-dom": "npm:@hot-loader/react-dom"
13 | },
14 | "comments": {
15 | "//": "fsevents will be installed only on macOS"
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/test_lockv2/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "test",
3 | "version": "0.0.1",
4 | "requires": true,
5 | "dependencies": {
6 | "is-number": "2.1.0",
7 | "isobject": "2.1.0"
8 | },
9 | "comments": {
10 | "//": "fsevents will be installed only on macOS"
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/core/src/test/resources/nodejs/test_lockv3/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "test",
3 | "version": "0.0.1",
4 | "requires": true,
5 | "dependencies": {
6 | "is-number": "2.1.0",
7 | "isobject": "2.1.0"
8 | },
9 | "comments": {
10 | "//": "fsevents will be installed only on macOS"
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/core/src/test/resources/nugetconf/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/core/src/test/resources/nuspec/test.nuspec:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | 1.0.0
5 | brianfox
6 | bobsmack
7 |
8 |
9 |
10 | TestDepCheck
11 | Test Package
12 | false
13 | Test package for Dependency Check Analyzer
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/core/src/test/resources/other-suppressions.xml:
--------------------------------------------------------------------------------
1 |
2 |
19 |
20 |
21 |
24 | ^com\.fasterxml\.jackson.*:.*:.*$
25 | cpe:/a:fasterxml:jackson
26 |
27 |
28 |
--------------------------------------------------------------------------------
/core/src/test/resources/pip/Pipfile:
--------------------------------------------------------------------------------
1 | [[source]]
2 | url = "https://pypi.org/simple"
3 | verify_ssl = true
4 | name = "pypi"
5 |
6 | [dev-packages]
7 | pipenv = {path = ".", editable = true, extras = ["tests", "dev"]}
8 | sphinx = "==4.*"
9 | sphinx-click = "==4.*"
10 | sphinxcontrib-spelling = "==7.*"
11 | click = "==8.0.3"
12 | pypiserver = "==1.*"
13 | stdeb = {version="*", markers="sys_platform == 'linux'"}
14 | zipp = {version = "==3.6.0", markers = "python_version < '3.10'"}
15 | pre-commit = "==2.*"
16 | atomicwrites = {version = "*", markers="sys_platform == 'win32'"}
17 | pytest-cov = "==3.*"
18 | typing-extensions = "==4.*"
19 | waitress = {version = "*", markers="sys_platform == 'win32'"}
20 | gunicorn = {version = "*", markers="sys_platform == 'linux'"}
21 | parse = "*"
22 | importlib-metadata = {version = "*", markers="python_version < '3.8'"}
23 | colorama= {version = "*", markers="sys_platform == 'win32'"}
24 |
25 | [packages]
26 |
27 | [scripts]
28 | tests = "bash ./run-tests.sh"
29 | test = "pytest -vvs"
30 |
31 | [pipenv]
32 | allow_prereleases = true
33 |
--------------------------------------------------------------------------------
/core/src/test/resources/pnpmaudit/fake_submodule/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "fake_submodule",
3 | "version": "1.0.0",
4 | "description": "",
5 | "main": "index.js",
6 | "scripts": {
7 | "test": "echo \"Error: no test specified\" && exit 1"
8 | },
9 | "keywords": [],
10 | "author": "",
11 | "license": "ISC",
12 | "dependencies": {
13 | "braces": "^1.8.5"
14 | }
15 | }
16 |
--------------------------------------------------------------------------------
/core/src/test/resources/pnpmaudit/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "test",
3 | "version": "0.0.1",
4 | "lockfileVersion": 1,
5 | "requires": true,
6 | "dependencies": {
7 | "braces": "1.8.5",
8 | "dns-sync": "^0.1.3",
9 | "fake_submodule": "file:fake_submodule",
10 | "lighter-run": "^1.2.1",
11 | "pause-stream": "0.0.11",
12 | "react-dom": "npm:@hot-loader/react-dom"
13 | },
14 | "comments": {
15 | "//": "fsevents will be installed only on macOS"
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/core/src/test/resources/python-poetry-toml/pyproject.toml:
--------------------------------------------------------------------------------
1 | [tool.poetry]
2 | name = "test"
3 | version = "0.1.0"
4 | description = ""
5 | authors = ["Your Name "]
6 | readme = "README.md"
7 |
8 | [tool.poetry.dependencies]
9 | python = "^3.7"
10 |
11 |
12 | [build-system]
13 | requires = ["poetry-core"]
14 | build-backend = "poetry.core.masonry.api"
15 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/Django-1.7.2-py2.py3-none-any.whl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/Django-1.7.2-py2.py3-none-any.whl
--------------------------------------------------------------------------------
/core/src/test/resources/python/dist/EggTest-0.0.1-py2.7.egg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/dist/EggTest-0.0.1-py2.7.egg
--------------------------------------------------------------------------------
/core/src/test/resources/python/dist/EggTest-0.0.1-py2.7.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/dist/EggTest-0.0.1-py2.7.zip
--------------------------------------------------------------------------------
/core/src/test/resources/python/eggtest/__about__.py:
--------------------------------------------------------------------------------
1 | __all__ = ["__title__", "__summary__", "__uri__", "__version__", "__author__",
2 | "__email__" ]
3 |
4 | __title__ = "EggTest"
5 | __summary__ = "Simple project for producing an .egg."
6 | __uri__ = "http://example.org/eggtest"
7 | __version__ = "0.0.1"
8 | __author__ = "Dale Visser"
9 | __email__ = "dvisser@ida.org"
--------------------------------------------------------------------------------
/core/src/test/resources/python/eggtest/__init__.py:
--------------------------------------------------------------------------------
1 | from eggtest import main
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/eggtest/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/eggtest/__init__.pyc
--------------------------------------------------------------------------------
/core/src/test/resources/python/eggtest/main.py:
--------------------------------------------------------------------------------
1 | print 'Hello from eggtest!'
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/eggtest/main.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/eggtest/main.pyc
--------------------------------------------------------------------------------
/core/src/test/resources/python/setup.py:
--------------------------------------------------------------------------------
1 | from setuptools import setup
2 |
3 | about = {}
4 | execfile('eggtest/__about__.py', about)
5 | setup(name = about['__title__'],
6 | packages = ['eggtest'],
7 | version = about['__version__'],
8 | description = about['__summary__'],
9 | url = about['__uri__'],
10 | author = about['__author__'],
11 | author_email = about['__email__'])
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/Django-1.7.2.data/scripts/django-admin.py:
--------------------------------------------------------------------------------
1 | #!python
2 | from django.core import management
3 |
4 | if __name__ == "__main__":
5 | management.execute_from_command_line()
6 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/Django-1.7.2.dist-info/DESCRIPTION.rst:
--------------------------------------------------------------------------------
1 | UNKNOWN
2 |
3 |
4 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/Django-1.7.2.dist-info/WHEEL:
--------------------------------------------------------------------------------
1 | Wheel-Version: 1.0
2 | Generator: bdist_wheel (0.24.0)
3 | Root-Is-Purelib: true
4 | Tag: py2-none-any
5 | Tag: py3-none-any
6 |
7 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/Django-1.7.2.dist-info/entry_points.txt:
--------------------------------------------------------------------------------
1 | [console_scripts]
2 | django-admin = django.core.management:execute_from_command_line
3 |
4 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/Django-1.7.2.dist-info/top_level.txt:
--------------------------------------------------------------------------------
1 | django
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/PKG-INFO:
--------------------------------------------------------------------------------
1 | Metadata-Version: 1.0
2 | Name: EggTest
3 | Version: 0.0.1
4 | Summary: Simple project for producing an .egg.
5 | Home-page: http://example.org/eggtest
6 | Author: Dale Visser
7 | Author-email: dvisser@ida.org
8 | License: UNKNOWN
9 | Description: UNKNOWN
10 | Platform: UNKNOWN
11 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/SOURCES.txt:
--------------------------------------------------------------------------------
1 | setup.py
2 | EggTest.egg-info/PKG-INFO
3 | EggTest.egg-info/SOURCES.txt
4 | EggTest.egg-info/dependency_links.txt
5 | EggTest.egg-info/top_level.txt
6 | eggtest/__about__.py
7 | eggtest/__init__.py
8 | eggtest/main.py
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/dependency_links.txt:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/top_level.txt:
--------------------------------------------------------------------------------
1 | eggtest
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/EGG-INFO/zip-safe:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__about__.py:
--------------------------------------------------------------------------------
1 | __all__ = ["__title__", "__summary__", "__uri__", "__version__", "__author__",
2 | "__email__" ]
3 |
4 | __title__ = "EggTest"
5 | __summary__ = "Simple project for producing an .egg."
6 | __uri__ = "http://example.org/eggtest"
7 | __version__ = "0.0.1"
8 | __author__ = "Dale Visser"
9 | __email__ = "dvisser@ida.org"
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__about__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__about__.pyc
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__init__.py:
--------------------------------------------------------------------------------
1 | from eggtest import main
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/__init__.pyc
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/main.py:
--------------------------------------------------------------------------------
1 | print 'Hello from eggtest!'
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/main.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/python/site-packages/EggTest-0.0.1-py2.7.egg/eggtest/main.pyc
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest.egg-info/PKG-INFO:
--------------------------------------------------------------------------------
1 | Metadata-Version: 1.0
2 | Name: EggTest
3 | Version: 0.0.1
4 | Summary: Simple project for producing an .egg.
5 | Home-page: http://example.org/eggtest
6 | Author: Dale Visser
7 | Author-email: dvisser@ida.org
8 | License: UNKNOWN
9 | Description: UNKNOWN
10 | Platform: UNKNOWN
11 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest.egg-info/SOURCES.txt:
--------------------------------------------------------------------------------
1 | setup.py
2 | EggTest.egg-info/PKG-INFO
3 | EggTest.egg-info/SOURCES.txt
4 | EggTest.egg-info/dependency_links.txt
5 | EggTest.egg-info/top_level.txt
6 | eggtest/__init__.py
7 | eggtest/main.py
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest.egg-info/dependency_links.txt:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/EggTest.egg-info/top_level.txt:
--------------------------------------------------------------------------------
1 | eggtest
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/python/site-packages/django/__init__.py:
--------------------------------------------------------------------------------
1 | VERSION = (1, 7, 2, 'final', 0)
2 |
3 |
4 | def get_version(*args, **kwargs):
5 | # Don't litter django/__init__.py with all the get_version stuff.
6 | # Only import if it's actually called.
7 | from django.utils.version import get_version
8 | return get_version(*args, **kwargs)
9 |
10 |
11 | def setup():
12 | """
13 | Configure the settings (this happens as a side effect of accessing the
14 | first setting), configure logging and populate the app registry.
15 | """
16 | from django.apps import apps
17 | from django.conf import settings
18 | from django.utils.log import configure_logging
19 |
20 | configure_logging(settings.LOGGING_CONFIG, settings.LOGGING)
21 | apps.populate(settings.INSTALLED_APPS)
22 |
--------------------------------------------------------------------------------
/core/src/test/resources/ruby/invalid-bundle-audit:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/core/src/test/resources/ruby/vulnerable/gems/sinatra/Gemfile:
--------------------------------------------------------------------------------
1 | # encoding: utf-8
2 | source 'https://rubygems.org'
3 |
4 | gem 'sinatra'
5 |
--------------------------------------------------------------------------------
/core/src/test/resources/ruby/vulnerable/gems/sinatra/Gemfile.lock:
--------------------------------------------------------------------------------
1 | GEM
2 | remote: https://rubygems.org/
3 | specs:
4 | rack (1.5.2)
5 | rack-protection (1.5.2)
6 | rack
7 | sinatra (1.4.4)
8 | rack (~> 1.4)
9 | rack-protection (~> 1.4)
10 | tilt (~> 1.3, >= 1.3.4)
11 | tilt (1.4.1)
12 |
13 | PLATFORMS
14 | ruby
15 |
16 | DEPENDENCIES
17 | sinatra
18 |
--------------------------------------------------------------------------------
/core/src/test/resources/ruby/vulnerable/gems/specifications/activerecord-oracle_enhanced-adapter-1.1.7.gemspec:
--------------------------------------------------------------------------------
1 | # -*- encoding: utf-8 -*-
2 | # stub: activerecord-oracle_enhanced-adapter 1.1.7 ruby lib
3 |
4 | Gem::Specification.new do |s|
5 | s.name = "activerecord-oracle_enhanced-adapter"
6 | s.version = "1.1.7"
7 |
8 | s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
9 | s.require_paths = ["lib"]
10 | s.authors = ["Raimonds Simanovskis"]
11 | s.date = "2008-08-20"
12 | s.description = "Oracle enhaced adapter for Active Record"
13 | s.email = ["raymonds72@gmail.com"]
14 | s.extra_rdoc_files = ["History.txt", "License.txt", "README.txt"]
15 | s.files = ["History.txt", "License.txt", "README.txt"]
16 | s.homepage = "http://oracle-enhanced.rubyforge.org"
17 | s.post_install_message = ""
18 | s.rdoc_options = ["--main", "README.txt"]
19 | s.rubyforge_project = "oracle-enhanced"
20 | s.rubygems_version = "2.2.2"
21 | s.summary = "Oracle enhaced adapter for Active Record"
22 |
23 | s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
24 | end
25 |
--------------------------------------------------------------------------------
/core/src/test/resources/ruby/vulnerable/gems/specifications/i18n-0.7.0.gemspec:
--------------------------------------------------------------------------------
1 | # -*- encoding: utf-8 -*-
2 | # stub: i18n 0.7.0 ruby lib
3 |
4 | Gem::Specification.new do |s|
5 | s.name = "i18n"
6 | s.version = "0.7.0"
7 |
8 | s.required_rubygems_version = Gem::Requirement.new(">= 1.3.5") if s.respond_to? :required_rubygems_version=
9 | s.require_paths = ["lib"]
10 | s.authors = ["Sven Fuchs", "Joshua Harvey", "Matt Aimonetti", "Stephan Soller", "Saimon Moore"]
11 | s.date = "2014-12-19"
12 | s.description = "New wave Internationalization support for Ruby."
13 | s.email = "rails-i18n@googlegroups.com"
14 | s.homepage = "http://github.com/svenfuchs/i18n"
15 | s.licenses = ["MIT"]
16 | s.required_ruby_version = Gem::Requirement.new(">= 1.9.3")
17 | s.rubyforge_project = "[none]"
18 | s.rubygems_version = "2.2.2"
19 | s.summary = "New wave Internationalization support for Ruby"
20 |
21 | s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
22 | end
23 |
--------------------------------------------------------------------------------
/core/src/test/resources/ruby/vulnerable/gems/specifications/polyglot-0.3.5.gemspec:
--------------------------------------------------------------------------------
1 | # -*- encoding: utf-8 -*-
2 | # stub: polyglot 0.3.5 ruby lib
3 |
4 | Gem::Specification.new do |s|
5 | s.name = "polyglot"
6 | s.version = "0.3.5"
7 |
8 | s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
9 | s.require_paths = ["lib"]
10 | s.authors = ["Clifford Heath"]
11 | s.date = "2014-05-30"
12 | s.description = "\nThe Polyglot library allows a Ruby module to register a loader\nfor the file type associated with a filename extension, and it\naugments 'require' to find and load matching files."
13 | s.email = ["clifford.heath@gmail.com"]
14 | s.extra_rdoc_files = ["README.txt"]
15 | s.files = ["README.txt"]
16 | s.homepage = "http://github.com/cjheath/polyglot"
17 | s.licenses = ["MIT"]
18 | s.rubygems_version = "2.2.2"
19 | s.summary = "Augment 'require' to load non-Ruby file types"
20 |
21 | s.installed_by_version = "2.2.2" if s.respond_to? :installed_by_version
22 | end
23 |
--------------------------------------------------------------------------------
/core/src/test/resources/stagedhttp-modified.tar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/stagedhttp-modified.tar
--------------------------------------------------------------------------------
/core/src/test/resources/struts-1.2.9-162.35.1.uyuni.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/struts-1.2.9-162.35.1.uyuni.noarch.rpm
--------------------------------------------------------------------------------
/core/src/test/resources/struts.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/struts.zip
--------------------------------------------------------------------------------
/core/src/test/resources/swift/Gloss/Gloss.podspec:
--------------------------------------------------------------------------------
1 | Pod::Spec.new do |s|
2 | s.name = "Gloss"
3 | s.version = "0.7.2"
4 | s.summary = "A shiny JSON parsing library in Swift"
5 | s.description = "A shiny JSON parsing library in Swift. Features include mapping JSON to objects, mapping objects to JSON, handling of nested objects and custom transformations."
6 | s.homepage = "https://github.com/hkellaway/Gloss"
7 | s.license = { :type => "MIT", :file => "LICENSE" }
8 | s.author = { "Harlan Kellaway" => "hello@harlankellaway.com" }
9 | s.social_media_url = "http://twitter.com/HarlanKellaway"
10 | s.source = { :git => "https://github.com/hkellaway/Gloss.git", :tag => s.version.to_s }
11 |
12 | s.platforms = { :ios => "8.0", :osx => "10.9", :tvos => "9.0", :watchos => "2.0" }
13 | s.requires_arc = true
14 |
15 | s.source_files = 'Sources/*.{swift}'
16 |
17 | end
18 |
--------------------------------------------------------------------------------
/core/src/test/resources/swift/carthage/Cartfile.resolved:
--------------------------------------------------------------------------------
1 | binary "https://dl.google.com/geosdk/GoogleMaps.json" "7.2.0"
2 | git "https://gitlab.matrix.org/matrix-org/olm.git" "3.2.16"
3 | github "CocoaLumberjack/CocoaLumberjack" "3.8.5"
4 | github "chrisballinger/libidn-framework" "1.35.1"
5 | github "stephencelis/SQLite.swift" "0.12.2"
6 | github "robbiehanson/KissXML" "5.3.3"
7 | github "robbiehanson/XMPPFramework" "4.1.0"
8 | binary "Alamofire.json" "4.8.2"
9 | github "MatthewYork/DateTools" "c36311e6c0b28103f32311b54f1d27a334785bcc"
10 |
--------------------------------------------------------------------------------
/core/src/test/resources/swift/cocoapods/Podfile:
--------------------------------------------------------------------------------
1 | platform :ios, '9.0'
2 | inhibit_all_warnings!
3 |
4 | target 'MyApp' do
5 | pod 'FBSDKLoginKit', '4.33.0'
6 | pod 'FirebaseCore'
7 |
8 | target "MyAppTests" do
9 | inherit! :search_paths
10 | pod 'OCMock', '~> 3.4'
11 | end
12 | end
13 |
14 | post_install do |installer|
15 | installer.pods_project.targets.each do |target|
16 | puts "#{target.name}"
17 | end
18 | end
19 |
--------------------------------------------------------------------------------
/core/src/test/resources/swift/spm/Package.resolved:
--------------------------------------------------------------------------------
1 | {
2 | "object": {
3 | "pins": [
4 | {
5 | "package": "Alamofire",
6 | "repositoryURL": "https://github.com/Alamofire/Alamofire.git",
7 | "state": {
8 | "branch": null,
9 | "revision": "f96b619bcb2383b43d898402283924b80e2c4bae",
10 | "version": "5.4.3"
11 | }
12 | },
13 | {
14 | "package": "AlamofireImage",
15 | "repositoryURL": "https://github.com/Alamofire/AlamofireImage",
16 | "state": {
17 | "branch": null,
18 | "revision": "98cbb00ce0ec5fc8e52a5b50a6bfc08d3e5aee10",
19 | "version": "4.2.0"
20 | }
21 | },
22 | {
23 | "package": "Facebook",
24 | "repositoryURL": "https://github.com/facebook/facebook-ios-sdk",
25 | "state": {
26 | "branch": null,
27 | "revision": "c3d367656ae8ced1149c2c6a5e6b5dd91ecad63c",
28 | "version": "9.3.0"
29 | }
30 | }
31 | ]
32 | },
33 | "version": 1
34 | }
--------------------------------------------------------------------------------
/core/src/test/resources/swift/spmV2/Package.resolved:
--------------------------------------------------------------------------------
1 | {
2 | "pins" : [
3 | {
4 | "identity" : "alamofire",
5 | "kind" : "remoteSourceControl",
6 | "location" : "https://github.com/Alamofire/Alamofire.git",
7 | "state" : {
8 | "revision" : "f96b619bcb2383b43d898402283924b80e2c4bae",
9 | "version" : "5.4.3"
10 | }
11 | },
12 | {
13 | "identity" : "alamofireimage",
14 | "kind" : "remoteSourceControl",
15 | "location" : "https://github.com/Alamofire/AlamofireImage",
16 | "state" : {
17 | "revision" : "98cbb00ce0ec5fc8e52a5b50a6bfc08d3e5aee10",
18 | "version" : "4.2.0"
19 | }
20 | },
21 | {
22 | "identity" : "facebook",
23 | "kind" : "remoteSourceControl",
24 | "location" : "https://github.com/facebook/facebook-ios-sdk",
25 | "state" : {
26 | "revision": "c3d367656ae8ced1149c2c6a5e6b5dd91ecad63c",
27 | "version": "9.3.0"
28 | }
29 | }
30 | ],
31 | "version" : 2
32 | }
--------------------------------------------------------------------------------
/core/src/test/resources/swift/spmV3/Package.resolved:
--------------------------------------------------------------------------------
1 | {
2 | "originHash" : "61eefff3bfa0b743e81a1adc984d45c84d89137e9f3c6d1c0c2e8898ae90ea9a",
3 | "pins" : [
4 | {
5 | "identity" : "alamofire",
6 | "kind" : "remoteSourceControl",
7 | "location" : "https://github.com/Alamofire/Alamofire.git",
8 | "state" : {
9 | "revision" : "f96b619bcb2383b43d898402283924b80e2c4bae",
10 | "version" : "5.4.3"
11 | }
12 | },
13 | {
14 | "identity" : "alamofireimage",
15 | "kind" : "remoteSourceControl",
16 | "location" : "https://github.com/Alamofire/AlamofireImage",
17 | "state" : {
18 | "revision" : "98cbb00ce0ec5fc8e52a5b50a6bfc08d3e5aee10",
19 | "version" : "4.2.0"
20 | }
21 | },
22 | {
23 | "identity" : "facebook-ios-sdk",
24 | "kind" : "remoteSourceControl",
25 | "location" : "https://github.com/facebook/facebook-ios-sdk",
26 | "state" : {
27 | "revision" : "c3d367656ae8ced1149c2c6a5e6b5dd91ecad63c",
28 | "version" : "9.3.0"
29 | }
30 | }
31 | ],
32 | "version" : 3
33 | }
34 |
--------------------------------------------------------------------------------
/core/src/test/resources/test.properties:
--------------------------------------------------------------------------------
1 | proxy.port=80
--------------------------------------------------------------------------------
/core/src/test/resources/test.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/test.zip
--------------------------------------------------------------------------------
/core/src/test/resources/uber-1.0-SNAPSHOT.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/uber-1.0-SNAPSHOT.jar
--------------------------------------------------------------------------------
/core/src/test/resources/xmlsec-2.0.7-3.7.uyuni.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/xmlsec-2.0.7-3.7.uyuni.noarch.rpm
--------------------------------------------------------------------------------
/core/src/test/resources/yarn/yarn-berry-audit-no-vulnerability/.yarn/install-state.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/core/src/test/resources/yarn/yarn-berry-audit-no-vulnerability/.yarn/install-state.gz
--------------------------------------------------------------------------------
/core/src/test/resources/yarn/yarn-berry-audit-no-vulnerability/.yarnrc.yml:
--------------------------------------------------------------------------------
1 | nodeLinker: node-modules
2 |
3 | yarnPath: .yarn/releases/yarn-4.6.0.cjs
4 |
--------------------------------------------------------------------------------
/core/src/test/resources/yarn/yarn-berry-audit-no-vulnerability/node_modules/.yarn-state.yml:
--------------------------------------------------------------------------------
1 | # Warning: This file is automatically generated. Removing it is fine, but will
2 | # cause your node_modules installation to become invalidated.
3 |
4 | __metadata:
5 | version: 1
6 | nmMode: classic
7 |
8 | "owasp-nodejs-goat@workspace:.":
9 | locations:
10 | - ""
11 |
--------------------------------------------------------------------------------
/core/src/test/resources/yarn/yarn-berry-audit-no-vulnerability/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "owasp-nodejs-goat",
3 | "private": true,
4 | "version": "1.3.0",
5 | "description": "A tool to learn OWASP Top 10 for node.js developers",
6 | "main": "server.js",
7 | "comments": {
8 | "//": "a9 insecure components"
9 | },
10 | "scripts": {
11 | "start": "node server.js",
12 | "test": "node node_modules/grunt-cli/bin/grunt test",
13 | "db:seed": "grunt db-reset",
14 | "precommit": "grunt precommit"
15 | },
16 | "repository": "https://github.com/OWASP/NodejsGoat",
17 | "license": "Apache 2.0",
18 | "packageManager": "yarn@4.6.0"
19 | }
20 |
--------------------------------------------------------------------------------
/core/src/test/resources/yarn/yarn-berry-audit-no-vulnerability/yarn.lock:
--------------------------------------------------------------------------------
1 | # This file is generated by running "yarn install" inside your project.
2 | # Manual changes might be lost - proceed with caution!
3 |
4 | __metadata:
5 | version: 8
6 | cacheKey: 10c0
7 |
8 | "owasp-nodejs-goat@workspace:.":
9 | version: 0.0.0-use.local
10 | resolution: "owasp-nodejs-goat@workspace:."
11 | languageName: unknown
12 | linkType: soft
13 |
--------------------------------------------------------------------------------
/core/src/test/resources/yarn/yarn-berry-audit/.yarnrc.yml:
--------------------------------------------------------------------------------
1 | nodeLinker: node-modules
2 |
3 | yarnPath: .yarn/releases/yarn-4.6.0.cjs
4 |
--------------------------------------------------------------------------------
/coverity_scan.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 |
3 | if [ $TRAVIS_BRANCH = "master" ] && [ $TRAVIS_EVENT_TYPE = "cron" ] ; then
4 | echo "Executing Coverity Scan"
5 |
6 | export COVERITY_SCAN_PROJECT_NAME="jeremylong/DependencyCheck"
7 | export COVERITY_SCAN_NOTIFICATION_EMAIL="jeremy.long@owasp.org"
8 | export COVERITY_SCAN_BRANCH_PATTERN="master"
9 | export COVERITY_SCAN_BUILD_COMMAND="mvn package -Dmaven.test.skip=true"
10 |
11 | curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | bash
12 | fi
--------------------------------------------------------------------------------
/docker-pullcount.sh:
--------------------------------------------------------------------------------
1 | #/bin/bash
2 |
3 | curl -s https://hub.docker.com/v2/repositories/owasp/dependency-check/ | python3 -c "import sys, json; print(json.load(sys.stdin)['pull_count'])"
--------------------------------------------------------------------------------
/list-changes.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 | ##https://blogs.sap.com/2018/06/22/generating-release-notes-from-git-commit-messages-using-basic-shell-commands-gitgrep/
3 | git --no-pager log $(git describe --tags --abbrev=0)..HEAD --pretty=format:" - %s" | grep -v ' - Bump'
--------------------------------------------------------------------------------
/maven/NOTICE.txt:
--------------------------------------------------------------------------------
1 | dependency-check-maven
2 |
3 | Copyright (c) 2013 Jeremy Long. All Rights Reserved.
4 |
5 | The licenses for the software listed below can be found in the META-INF/licenses/[dependency name].
6 |
7 | This product includes software developed by The Apache Software Foundation (http://www.apache.org/).
8 |
9 | This product includes data from the Common Weakness Enumeration (CWE): http://cwe.mitre.org/
10 |
11 | This product downloads and utilizes data from the National Vulnerability Database hosted by NIST: http://nvd.nist.gov/download.cfm
--------------------------------------------------------------------------------
/maven/README.md:
--------------------------------------------------------------------------------
1 | Dependency-Check-Maven
2 | =========
3 |
4 | Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.
5 |
6 | Documentation and links to production binary releases can be found on the [github pages](https://dependency-check.github.io/DependencyCheck/dependency-check-maven/index.html).
7 |
8 | Copyright & License
9 | -------------------
10 |
11 | Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
12 |
13 | Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt](https://github.com/dependency-check/DependencyCheck/blob/main/LICENSE.txt) file for the full license.
14 |
15 | Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt][notices] file for more information.
16 |
17 | [notices]: https://github.com/dependency-check/DependencyCheck/blob/main/maven/NOTICE.txt
18 |
--------------------------------------------------------------------------------
/maven/src/it/1512-transitive-test/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dformat=XML -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/1527-aggregate-updated-dependencies/new/lib/src/main/resources/dummy.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/maven/src/it/1527-aggregate-updated-dependencies/new/lib/src/main/resources/dummy.properties
--------------------------------------------------------------------------------
/maven/src/it/1527-aggregate-updated-dependencies/new/war/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | test-service
6 |
--------------------------------------------------------------------------------
/maven/src/it/1527-aggregate-updated-dependencies/old/lib/src/main/resources/dummy.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/maven/src/it/1527-aggregate-updated-dependencies/old/lib/src/main/resources/dummy.properties
--------------------------------------------------------------------------------
/maven/src/it/1527-aggregate-updated-dependencies/old/war/src/main/webapp/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | test-service
6 |
--------------------------------------------------------------------------------
/maven/src/it/1551-verify-dependency-management/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dformat=XML -DskipDependencyManagement=false
20 |
--------------------------------------------------------------------------------
/maven/src/it/1677-dependency-management/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dformat=XML -DskipDependencyManagement=false -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/1751-use-child-repositories/1751-child-one/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 4.0.0
4 |
5 | 1751-use-child-repositories
6 | org.owasp.test
7 | 1.0.0-SNAPSHOT
8 | ..
9 |
10 | 1751-child-one
11 | jar
12 |
13 |
14 | confluent
15 | https://packages.confluent.io/maven
16 |
17 |
18 |
19 |
20 | io.confluent
21 | kafka-avro-serializer
22 | 1.0
23 |
24 |
25 |
--------------------------------------------------------------------------------
/maven/src/it/1751-use-child-repositories/1751-child-two/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | 4.0.0
4 |
5 | org.owasp.test
6 | 1751-use-child-repositories
7 | 1.0.0-SNAPSHOT
8 |
9 | 1751-child-two
10 | jar
11 |
12 |
13 | org.owasp.test
14 | 1751-child-one
15 | ${project.version}
16 |
17 |
18 |
--------------------------------------------------------------------------------
/maven/src/it/1751-use-child-repositories/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ verify --no-transfer-progress --batch-mode -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -X
20 |
--------------------------------------------------------------------------------
/maven/src/it/2494-managed-reactor-dependencies/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:aggregate -Dformat=JSON -Dcve.startyear=2018
--------------------------------------------------------------------------------
/maven/src/it/2494-managed-reactor-dependencies/sibling1/src/main/resources/dummy.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/maven/src/it/2494-managed-reactor-dependencies/sibling1/src/main/resources/dummy.properties
--------------------------------------------------------------------------------
/maven/src/it/2494-managed-reactor-dependencies/sibling2/src/main/resources/dummy.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/maven/src/it/2494-managed-reactor-dependencies/sibling2/src/main/resources/dummy.properties
--------------------------------------------------------------------------------
/maven/src/it/3679-classifier-in-dependency/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dformat=XML -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/3730-classifier-in-dependency-aggregate/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:aggregate -Dformat=XML -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/3944-multimodule-virtual-duplication/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:aggregate -Dformat=XML -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/617-hierarchical-cross-deps/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ install --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/617-hierarchical-cross-deps/postbuild.groovy:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is part of dependency-check-maven.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | */
18 |
19 | return true;
--------------------------------------------------------------------------------
/maven/src/it/618-aggregator-update-only/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.central.enabled=false -Danalyzer.ossindex.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:update-only -Dcve.startyear=2018
--------------------------------------------------------------------------------
/maven/src/it/629-jackson-dataformat/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dformat=XML -Dcve.startyear=2018
20 |
--------------------------------------------------------------------------------
/maven/src/it/690-threadsafety/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dcve.startyear=2018 -Dformat=JSON -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -T 8 -X
20 |
--------------------------------------------------------------------------------
/maven/src/it/690-threadsafety/postbuild.groovy:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is part of dependency-check-maven.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | */
18 |
19 | import org.apache.commons.lang3.StringUtils
20 |
21 | String log = new File(basedir, "build.log").text
22 | int count = StringUtils.countMatches(log, "Download Started for NVD CVE - 2020");
23 | if (count > 1){
24 | System.out.println(String.format("NVD CVE was downloaded %s times, should be 0 or 1 times", count));
25 | return false;
26 | }
27 | return true;
--------------------------------------------------------------------------------
/maven/src/it/710-pom-parse-error/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check -Dformat=JSON
20 |
--------------------------------------------------------------------------------
/maven/src/it/710-pom-parse-error/postbuild.groovy:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is part of dependency-check-maven.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | * Copyright (c) 2017 Jeremy Long. All Rights Reserved.
17 | */
18 |
--------------------------------------------------------------------------------
/maven/src/it/730-multiple-suppression-files-configs/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-core.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2017 The OWASP Foundation. All Rights Reserved.
17 | #
18 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dformat=JSON -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check
19 |
--------------------------------------------------------------------------------
/maven/src/it/740-aggregate/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-maven.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17 | #
18 |
19 | invoker.goals = verify -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -X -T 1C
20 |
--------------------------------------------------------------------------------
/maven/src/it/740-aggregate/second/src/test/HelloWorld.js:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright (c) 2018 The OWAS Foundation. All Rights Reserved.
3 | */
4 | alert('hello world');
--------------------------------------------------------------------------------
/maven/src/it/815-broken-suppression-aggregate/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-core.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2017 The OWASP Foundation. All Rights Reserved.
17 | #
18 | invoker.buildResult = failure
19 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dformat=JSON -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:aggregate
20 |
--------------------------------------------------------------------------------
/maven/src/it/846-site-plugin/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-core.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2017 The OWASP Foundation. All Rights Reserved.
17 | #
18 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ site --no-transfer-progress --batch-mode -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false -Dodcversion=${project.version}
19 |
--------------------------------------------------------------------------------
/maven/src/it/artifactory-analyzer/invoker.properties:
--------------------------------------------------------------------------------
1 | #
2 | # This file is part of dependency-check-core.
3 | #
4 | # Licensed under the Apache License, Version 2.0 (the "License");
5 | # you may not use this file except in compliance with the License.
6 | # You may obtain a copy of the License at
7 | #
8 | # http://www.apache.org/licenses/LICENSE-2.0
9 | #
10 | # Unless required by applicable law or agreed to in writing, software
11 | # distributed under the License is distributed on an "AS IS" BASIS,
12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | # See the License for the specific language governing permissions and
14 | # limitations under the License.
15 | #
16 | # Copyright (c) 2017 The OWASP Foundation. All Rights Reserved.
17 | #
18 | invoker.goals = -DnvdApiKey=${NVD_API_KEY} -DnvdDatafeedUrl=https://dependency-check.github.io/DependencyCheck/hb_nvd/ --no-transfer-progress --batch-mode -Dformat=XML -Dcve.startyear=2018 -Danalyzer.ossindex.enabled=false -Danalyzer.central.enabled=false -Danalyzer.artifactory.enabled=false ${project.groupId}:${project.artifactId}:${project.version}:check
19 |
--------------------------------------------------------------------------------
/maven/src/it/artifactory-analyzer/postbuild.groovy:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is part of dependency-check-maven.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | * Copyright (c) 2018 Nicolas Henneaux. All Rights Reserved.
17 | */
18 |
19 | import org.apache.commons.lang3.StringUtils
20 |
21 | String log = new File(basedir, "build.log").text
22 | int count = StringUtils.countMatches(log, "There was an issue connecting to Artifactory . Disabling analyzer.");
23 | if (count > 0) {
24 | System.out.println(String.format("There was an issue connecting to Artifactory . Disabling analyzer."));
25 | return false;
26 | }
27 |
--------------------------------------------------------------------------------
/maven/src/main/java/org/owasp/dependencycheck/maven/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * This is the main package containing the Mojo Maven Plugin - dependency-check.
3 | */
4 | package org.owasp.dependencycheck.maven;
5 |
--------------------------------------------------------------------------------
/maven/src/main/resources/mojo.properties:
--------------------------------------------------------------------------------
1 | # the path to the data directory
2 | ####
3 | #### If the data directory version is changed remember to change
4 | #### the gradle plugin also - `DataExtension.groovy`
5 | ####
6 | data.directory=[JAR]/../../dependency-check-data/11.0
7 | analyzer.central.enabled=false
8 |
--------------------------------------------------------------------------------
/maven/src/test/resources/dir_without_pom/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/maven/src/test/resources/dir_without_pom/.gitkeep
--------------------------------------------------------------------------------
/maven/src/test/resources/mojo.properties:
--------------------------------------------------------------------------------
1 | # the path to the data directory
2 | data.directory=[JAR]/dependency-check-data/11.0
3 |
--------------------------------------------------------------------------------
/prepare-release.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 |
3 | git checkout main
4 | git pull --rebase
5 |
6 | SNAPSHOT=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
7 | RELEASE=${SNAPSHOT/-SNAPSHOT/}
8 |
9 | git checkout -b "release-$RELEASE"
10 |
11 | mvn release:prepare --no-transfer-progress --batch-mode
12 | mvn release:clean --no-transfer-progress --batch-mode
13 |
14 | git push origin "release-$RELEASE"
15 |
16 | git checkout main
17 |
18 | git branch -D "release-$RELEASE"
--------------------------------------------------------------------------------
/publish-docker.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash -e
2 |
3 | VERSION=$(mvn -q \
4 | -Dexec.executable="echo" \
5 | -Dexec.args='${project.version}' \
6 | --non-recursive \
7 | org.codehaus.mojo:exec-maven-plugin:1.3.1:exec)
8 |
9 | if [[ $VERSION = *"SNAPSHOT"* ]]; then
10 | echo "Do not publish a snapshot version of dependency-check"
11 | exit 1
12 | fi
13 | docker inspect --type=image owasp/dependency-check:$VERSION > /dev/null 2>&1
14 | if [[ "$?" -ne 0 ]] ; then
15 | echo "docker image owasp/dependency-check:$VERSION does not exist - run build_docker.sh first"
16 | exit 1
17 | fi
18 | docker inspect --type=image owasp/dependency-check:latest > /dev/null 2>&1
19 | if [[ "$?" -ne 0 ]] ; then
20 | echo "docker image owasp/dependency-check:latest does not exist - run build_docker.sh first"
21 | exit 1
22 | fi
23 |
24 | docker push owasp/dependency-check:$VERSION
25 | docker push owasp/dependency-check:latest
26 |
--------------------------------------------------------------------------------
/release_stats.sh:
--------------------------------------------------------------------------------
1 | #/bin/bash
2 |
3 | curl -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/dependency-check/DependencyCheck/releases| jq -r '.[] | (.tag_name + "," + (.assets[]|(.name+","+(.download_count|tostring))))' | grep -v \.asc | sort
--------------------------------------------------------------------------------
/settings.xml:
--------------------------------------------------------------------------------
1 |
5 |
6 |
7 | ossrh
8 | ${env.MAVEN_USERNAME}
9 | ${env.MAVEN_PASSWORD}
10 |
11 |
12 |
13 |
14 | default
15 |
16 |
17 |
18 |
19 |
20 |
21 | default
22 |
23 |
--------------------------------------------------------------------------------
/sha256_cli.sh:
--------------------------------------------------------------------------------
1 | #/bin/bash
2 |
3 | ver=$(curl -s https://dependency-check.github.io/DependencyCheck/current.txt)
4 | echo "Version $ver"
5 | wget -q https://github.com/dependency-check/DependencyCheck/releases/download/v$ver/dependency-check-$ver-release.zip
6 | shasum -a 256 dependency-check-$ver-release.zip
7 | rm dependency-check-$ver-release.zip
8 |
--------------------------------------------------------------------------------
/src/main/config/checkstyle-header.txt:
--------------------------------------------------------------------------------
1 | ^/\*\s*$
2 | ^ \* This file is part of dependency-check-(ant|core|cli|maven|utils)\.\s*$
3 | ^ \*\s*$
4 | ^ \* Licensed under the Apache License, Version 2\.0 \(the "License"\);\s*$
5 | ^ \* you may not use this file except in compliance with the License.\s*$
6 | ^ \* You may obtain a copy of the License at\s*$
7 | ^ \*\s*$
8 | ^ \*\s*http://www.apache.org/licenses/LICENSE-2\.0\s*$
9 | ^ \*\s*$
10 | ^ \* Unless required by applicable law or agreed to in writing, software\s*$
11 | ^ \* distributed under the License is distributed on an "AS IS" BASIS,\s*$
12 | ^ \* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\.\s*$
13 | ^ \* See the License for the specific language governing permissions and\s*$
14 | ^ \* limitations under the License\.\s*$
15 | ^ \*\s*$
16 | ^ \* Copyright \(c\) 20\d\d .+\. All Rights Reserved\.\s*$
17 | ^ \*/\s*$
18 | ^package
19 |
--------------------------------------------------------------------------------
/src/main/config/version-rules.xml:
--------------------------------------------------------------------------------
1 |
4 |
5 | .*[-_\.](alpha|Alpha|ALPHA|b|beta|Beta|BETA|rc|RC|M|EA)[-_\.]?[0-9]*
6 |
7 |
--------------------------------------------------------------------------------
/src/main/site-resources/current.txt:
--------------------------------------------------------------------------------
1 | ${project.version}
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/archive-analyzer.md:
--------------------------------------------------------------------------------
1 | Archive Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer an archive analyzer that will attempt
5 | to extract files from the archive that are supported by the other file type
6 | analyzers.
7 |
8 | Files Types Scanned: ZIP, EAR, WAR, JAR, SAR, APK, NUPKG, TAR, GZ, TGZ, RPM
9 |
10 | Additional file extensions for ZIP archives can be added, see the configuration
11 | section in the Maven, Ant, or CLI interfaces for more information on configuration.
12 |
13 | Note, since this analyzer does examine the contents of a JAR file there are times
14 | that you may see additional entries in the report and/or warnings in the log file (if used)
15 | for DLL or EXE files contained within the JAR file. In almost all cases these can
16 | be ignored as it is fairly rare to have a .NET dll or exe within a JAR file.
17 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/assembly-analyzer.md:
--------------------------------------------------------------------------------
1 | Assembly Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer that scans .NET dll and exe files and collect as
5 | much information it can about the files as it can. The information collected
6 | is internally referred to as evidence and is grouped into vendor, product, and version
7 | buckets. Other analyzers later use this evidence to identify any Common Platform
8 | Enumeration (CPE) identifiers that apply.
9 |
10 | .NET core 8.x needs to be installed for this analyzer to work.
11 |
12 | Files Types Scanned: EXE, DLL
13 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/autoconf.md:
--------------------------------------------------------------------------------
1 | Autoconf Analyzer
2 | =================
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will scan Autoconf project
9 | configuration files. The analyzer will collect as much information it can
10 | about the project. The information collected is internally referred to as
11 | evidence and is grouped into vendor, product, and version buckets. Other
12 | analyzers later use this evidence to identify any Common Platform Enumeration
13 | (CPE) identifiers that apply.
14 |
15 | File names scanned: configure, configure.in, configure.ac
16 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/bundle-audit.md:
--------------------------------------------------------------------------------
1 | Ruby Bundle-audit Analyzer
2 | =====================
3 |
4 | OWASP dependency-check includes an analyzer that will execute [bundle-audit](https://github.com/rubysec/bundler-audit#readme)
5 | and include the results in the dependency-check report. This is useful for multi-language
6 | projects and merging the results of multiple software composition analysis tools.
7 |
8 | **NOTE** - it is important to run `bundle-audit update` occasionally to keep the bundle-audit
9 | database current. ATM - dependency-check does **not** perform the `bundle-audit update` automatically.
10 |
11 | ```shell
12 | $ sudo gem install bundler-audit
13 | $ bundle-audit update
14 | ```
15 |
16 | Files Types Scanned: Gemfile.lock
17 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/carthage.md:
--------------------------------------------------------------------------------
1 | Carthage Analyzer
2 | ================
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will analyze SWIFT and Objective-C
9 | packages by scanning [Carthage](https://github.com/Carthage/Carthage) specification files.
10 |
11 | Files Types Scanned: [Cartfile.resolved](https://github.com/Carthage/Carthage/blob/master/Documentation/Artifacts.md).
12 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/central-analyzer.md:
--------------------------------------------------------------------------------
1 | Central Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer that will check for the Maven GAV
5 | (Group/Artifact/Version) information for artifacts in the scanned area. By
6 | default the information comes from [Maven Central][1]. If the artifact's hash
7 | is found in the configured Nexus repository, its GAV is recorded as an Identifier
8 | and the Group is collected as Vendor evidence, the Artifact is collected as Product
9 | evidence, and the Version is collected as Version evidence.
10 |
11 | [1]: http://search.maven.org/ "Maven Central"
12 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/cmake.md:
--------------------------------------------------------------------------------
1 | CMake Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will scan CMake project
9 | configuration files. The analyzer will collect as much information it can
10 | about the project. The information collected is internally referred to as
11 | evidence and is grouped into vendor, product, and version buckets. Other
12 | analyzers later use this evidence to identify any Common Platform Enumeration
13 | (CPE) identifiers that apply.
14 |
15 | File names scanned: CMakeLists.txt, \*.cmake
16 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/cocoapods.md:
--------------------------------------------------------------------------------
1 | CocoaPods Analyzer
2 | ================
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will analyze SWIFT and Objective-C
9 | packages by scanning [CocoaPods](https://cocoapods.org/) specification files.
10 |
11 | Files Types Scanned: [*.podspec](https://guides.cocoapods.org/making/specs-and-specs-repo.html), [Podfile.lock](https://guides.cocoapods.org/using/the-podfile.html)
12 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/composer-lock.md:
--------------------------------------------------------------------------------
1 | Composer Lock Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that scans composer.lock files to get exact dependency
9 | version information from PHP projects which are managed with [Composer](http://getcomposer.org/).
10 | If you're using Composer to manage your project, this will only analyze the `composer.lock` file
11 | currently, so you'll need to run `composer install` to have Composer generate this file.
12 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/cpanfile.md:
--------------------------------------------------------------------------------
1 | CPAN File Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that can scan a `cpanfile` to exact
9 | dependency information from Perl projects. The analyzer does not yet differentiate
10 | develop and test dependencies from required dependencies. Nor does the
11 | analyzer support `cpanfile.snapshot` files yet. Finally, version ranges are
12 | not yet correctly handled either and only the first version in the range is used.
13 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/dart.md:
--------------------------------------------------------------------------------
1 | Dart Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that extract dependency information
9 | from `pubspec.lock` and `pubspec.yaml` files.
10 |
11 | File names scanned: pubspec.yaml, pubspec.lock
12 |
13 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/golang-dep.md:
--------------------------------------------------------------------------------
1 | Golang Dependency Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that extract dependency information
9 | from `Gopkg.lock` files.
10 |
11 | File names scanned: Gopkg.lock
12 |
13 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/golang-mod.md:
--------------------------------------------------------------------------------
1 | Golang Mod Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will utilize `go mod` to determine
9 | the go applications dependencies. Note, this requires that `go` is installed and
10 | may require users to configure the path to `go` if it is not on the system path.
11 |
12 | File names scanned: go.mod
13 |
14 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/jar-analyzer.md:
--------------------------------------------------------------------------------
1 | Jar Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer that scans JAR files and collect as
5 | much information it can about the file as it can. The information collected
6 | is internally referred to as evidence and is grouped into vendor, product, and version
7 | buckets. Other analyzers later use this evidence to identify any Common Platform
8 | Enumeration (CPE) identifiers that apply. Additionally, if a POM is present
9 | the analyzer will add the Maven group, artifact, and version (GAV).
10 |
11 | Files Types Scanned: JAR, WAR
12 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/msbuild.md:
--------------------------------------------------------------------------------
1 | MS Build Analyzer
2 | ==============
3 |
4 | The MS Build Analyzer will parse csproj and vbproj files to gather infromation
5 | on the projects dependencies.
6 |
7 | Files Scanned: *.csproj, *.vbproj, and related Directory.Build.props and Directory.Packages.props.
8 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/node-audit-analyzer.md:
--------------------------------------------------------------------------------
1 | Node Audit Analyzer
2 | ================
3 |
4 | OWASP dependency-check includes a Node Audit Analyzer that scans `package-lock.json`
5 | files. The analyzer submits the lock files to the [NPM Audit](https://www.npmjs.com/)
6 | API for analysis, returning a list of advisories which get incorporated into the
7 | dependency check reports.
8 |
9 | This analyzer is enabled by default and requires that the machine performing
10 | the analysis can reach out to the Internet.
11 |
12 | Files Types Scanned: [package-lock.json](https://docs.npmjs.com/files/package-lock.json)
13 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/nodejs.md:
--------------------------------------------------------------------------------
1 | Node.js Analyzer
2 | ================
3 |
4 | OWASP dependency-check includes an analyzer that will scan [Node Package Manager](https://www.npmjs.com/)
5 | package specification files that works in conjunction with the [Node Audit Analyzer](./node-audit-analyzer.html) to
6 | create a bill-of-materials for a Node.js project.
7 |
8 | Files Types Scanned: [package.json](https://docs.npmjs.com/files/package.json), package-lock.json, npm-shrinkwrap.json
9 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/nugetconf-analyzer.md:
--------------------------------------------------------------------------------
1 | Nugetconf Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer that will scan NuGet's packages.config files to
5 | collect information about the component being used. The evidence collected
6 | is used by other analyzers to determine if there are any known vulnerabilities
7 | associated with the component.
8 |
9 | Files Scanned: packages.config
10 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/nuspec-analyzer.md:
--------------------------------------------------------------------------------
1 | Nuspec Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer that will scan NuGet's Nuspec file to
5 | collect information about the component being used. The evidence collected
6 | is used by other analyzers to determine if there are any known vulnerabilities
7 | associated with the component.
8 |
9 | Note, the Nuspec Analyzer does not scan dependencies defined. However, if
10 | the dependencies have been downloaded and may be included in the scan depending
11 | on configuration.
12 |
13 | Files Types Scanned: NUSPEC
14 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/openssl.md:
--------------------------------------------------------------------------------
1 | OpenSSL Analyzer
2 | ================
3 |
4 | OWASP dependency-check includes an analyzer that will scan OpenSSL source code
5 | files for the OpenSSL version information. The information collected is
6 | internally referred to as evidence and is grouped into vendor, product, and
7 | version buckets. Other analyzers later use this evidence to identify any
8 | Common Platform Enumeration (CPE) identifiers that apply.
9 |
10 | File names scanned: opensslv.h
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/oss-index-analyzer.md:
--------------------------------------------------------------------------------
1 | OSS Index Analyzer
2 | ================
3 |
4 | Uses the [OSS Index](https://ossindex.sonatype.org/) APIs to report on
5 | vulnerabilities not found in the NVD. The collection of identified Package-URL
6 | identifiers are submitted to the OSS Index for analysis and the resulting
7 | identified vulnerabilities are included in the report. In addition, vulnerabilities
8 | found in both the NVD and OSS Index may have additional references added.
9 |
10 | This analyzer requires an Internet connection.
11 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/pe-analyzer.md:
--------------------------------------------------------------------------------
1 | PE Analyzer
2 | ==============
3 |
4 | OWASP dependency-check includes an analyzer that scans PE dll and exe files and
5 | collect as much information it can about the files as it can. The information collected
6 | from the PE headers and is internally referred to as evidence and is grouped into vendor,
7 | product, and version buckets. Other analyzers later use this evidence to identify any
8 | Common Platform Enumeration (CPE) identifiers that apply.
9 |
10 | Files Types Scanned: EXE, DLL
11 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/pip.md:
--------------------------------------------------------------------------------
1 | Pip Analyzer
2 | ============
3 |
4 | *Experimental*: This analyzer is considered experimental, and will
5 | therefore be enabled only with the option `--enableExperimental`.
6 | While this analyzer may be useful and provide valid results more
7 | testing must be completed to ensure that the false negative/false
8 | positive rates are acceptable.
9 |
10 | OWASP dependency-check includes an analyzer that will scan Python Pip
11 | artifacts called `requirements.txt`, commonly generated with a command
12 | like:
13 |
14 | pip freeze > requirements.txt
15 |
16 | The analyzer(s) will collect as much information it can about the
17 | Python artifacts. The information collected is internally referred to
18 | as evidence and is grouped into vendor, product, and version buckets.
19 | Other analyzers later use this evidence to identify any Common
20 | Platform Enumeration (CPE) identifiers that apply.
21 |
22 | Files Scanned: files named exactly `requirements.txt`.
23 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/python.md:
--------------------------------------------------------------------------------
1 | Python Analyzer
2 | ==============
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will scan Python artifacts.
9 | The analyzer(s) will collect as much information it can about the Python
10 | artifacts. The information collected is internally referred to as evidence and
11 | is grouped into vendor, product, and version buckets. Other analyzers later
12 | use this evidence to identify any Common Platform Enumeration (CPE)
13 | identifiers that apply.
14 |
15 | Files Types Scanned: py, whl, egg, zip, PKG-INFO, and METADATA
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/retirejs-analyzer.md:
--------------------------------------------------------------------------------
1 | Retire JS Analyzer
2 | ==================
3 |
4 | OWASP dependency-check includes a Retire JS Analyzer. This analyzer that will scan
5 | JavaScript files and utilize the Retire JS database to identify vulnerable libraries.
6 |
7 | The ODC team would like to thank Steve Springett for his intial PR to introduce this analyzer,
8 | [Philippe Arteau](https://github.com/h3xstream) for the [burp-retire-js plugin](https://github.com/h3xstream/burp-retire-js) which
9 | provides much of the core functionality to use the Retire JS analysis in a Java application,
10 | and lastly [Erlend Oftedal](https://github.com/eoftedal) for building and maintaining [RetireJS](https://github.com/RetireJS/retire.js).
11 |
12 | Files Types Scanned: *.js
13 |
--------------------------------------------------------------------------------
/src/site/markdown/analyzers/ruby-gemspec.md:
--------------------------------------------------------------------------------
1 | Ruby Gemspec Analyzer
2 | =====================
3 |
4 | *Experimental*: This analyzer is considered experimental. While this analyzer may
5 | be useful and provide valid results more testing must be completed to ensure that
6 | the false negative/false positive rates are acceptable.
7 |
8 | OWASP dependency-check includes an analyzer that will scan [Ruby Gem](https://rubygems.org/)
9 | [specifications](http://guides.rubygems.org/specification-reference/). The
10 | analyzer will collect as much information as it can about the Gem. The
11 | information collected is internally referred to as evidence and is grouped
12 | into vendor, product, and version buckets. Other analyzers later use this
13 | evidence to identify any Common Platform Enumeration (CPE) identifiers that
14 | apply.
15 |
16 | *Note*: It is highly recommended that Ruby projects use
17 | [bundler-audit](https://github.com/rubysec/bundler-audit#readme). It is possible
18 | to incorporate the results of bundle-audit into the dependency-check report(s) by
19 | using the [bundle-audit analyzer](./bundle-audit.html).
20 |
21 | Files Types Scanned: Rakefile, \*.gemspec
--------------------------------------------------------------------------------
/src/site/markdown/data/cachenvd.md:
--------------------------------------------------------------------------------
1 | Creating an offline cache for the NVD API
2 | =========================================
3 |
4 | The Open Vulnerability Project's [vuln CLI](https://github.com/jeremylong/open-vulnerability-cli/blob/main/README.md#mirroring-the-nvd-cve-data)
5 | can be used to create an offline copy of the data obtained from the NVD API.
6 |
--------------------------------------------------------------------------------
/src/site/markdown/data/mirrornvd.md:
--------------------------------------------------------------------------------
1 | Mirroring External Resources
2 | ============================================================
3 | If an organization blocks the servers performing dependency-check scans from
4 | downloading content on the internet they will need to mirror two data sources:
5 | The NVD API and the Retire JS repository.
6 |
7 | Creating an offline cache for the NVD API
8 | ------------------------------------------------------------
9 |
10 | The Open Vulnerability Project's [vuln CLI](https://github.com/jeremylong/open-vulnerability-cli/blob/main/README.md)
11 | can be used to create an offline copy of the data obtained from the NVD API.
12 | Then configure dependency-check to use the NVD Datafeed URL.
13 |
14 |
15 | Mirroring Retire JS Repository
16 | ------------------------------------------------------------
17 | The Retire JS Repository is located at:
18 |
19 | ```
20 | https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
21 | ```
22 |
23 | The Retire JS repository can be configured using the `retireJsUrl` configuration option.
24 | See the configuration for the specific dependency-check client used for more information.
--------------------------------------------------------------------------------
/src/site/markdown/data/ossindex.md:
--------------------------------------------------------------------------------
1 | Sonatype OSS Index Analyzer
2 | ====================
3 |
4 | OWASP dependency-check includes an analyzer that will detect software packages
5 | and checks the [Sonatype OSS Index][1] if the package contains vulnerability information
6 | to include in the report.
7 |
8 | [1]: https://ossindex.sonatype.org "Sonatype OSS Index"
--------------------------------------------------------------------------------
/src/site/markdown/data/tlsfailure.md:
--------------------------------------------------------------------------------
1 | NVD API Access Failures
2 | =========================
3 | In some installations of the JRE (such as OpenJDK on CentOS/RHEL/Amazon Linux) do not
4 | have the correct libraries to support EC cryptography. If you run into problems running
5 | dependency-check you may need to install Bouncy Castle and configure Java to use the
6 | more robust cryptographic provider.
7 |
8 | Helpful Links
9 | * [Stackoverflow discussion](http://stackoverflow.com/a/33521718/1995422)
10 | * [Bouncy Castle](https://www.bouncycastle.org/java.html)
--------------------------------------------------------------------------------
/src/site/markdown/data/upgrade.md:
--------------------------------------------------------------------------------
1 | Database Upgrades
2 | =================
3 | If using an external database server, such as MySQL, a DBA must manually perform the
4 | database schema update. In most cases an upgrade requires re-running the initialization script
5 | which will drop the current tables and re-create them. The initialization can be found in the
6 | [github repository](https://github.com/dependency-check/DependencyCheck/tree/main/core/src/main/resources/data).
7 |
8 | If you want to use an external database other than one listed in the repo please open an issue on the
9 | [github issue tracker](https://github.com/dependency-check/DependencyCheck/issues) as an initialization and
10 | dialect properties file will likely need to be created.
--------------------------------------------------------------------------------
/src/site/markdown/modules.md:
--------------------------------------------------------------------------------
1 | Modules
2 | ====================
3 | OWASP dependency-check's core analysis engine was designed to fit into an applications normal
4 | build and reporting process:
5 |
6 | - [Ant Task](dependency-check-ant/index.html)
7 | - [Command Line Tool](dependency-check-cli/index.html)
8 | - [Gradle Plugin](dependency-check-gradle/index.html)
9 | - [Jenkins Plugin](dependency-check-jenkins/index.html)
10 | - [Maven Plugin](dependency-check-maven/index.html)
11 | - [SBT Plugin](https://github.com/albuch/sbt-dependency-check)
12 |
13 | In addition, dependency-check can be executed from the
14 | [command line](dependency-check-cli/index.html).
15 |
16 | Extending dependency-check
17 | --------------------------
18 | A [dependency-check-plugin maven archetype](dependency-check-plugin/index.html)
19 | has been created to assist with creating your own analyzers.
20 |
21 | Core Engine
22 | --------------------------
23 | Information about the core engine and the utilities used can be found:
24 |
25 | - [Core](dependency-check-core/index.html)
26 | - [Utilities](dependency-check-utils/index.html)
27 |
--------------------------------------------------------------------------------
/src/site/resources/favicon:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/favicon
--------------------------------------------------------------------------------
/src/site/resources/general/dependency-check.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/general/dependency-check.pdf
--------------------------------------------------------------------------------
/src/site/resources/general/dependency-check.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/general/dependency-check.pptx
--------------------------------------------------------------------------------
/src/site/resources/hb_nvd/nvdcve-1.1-2022.json.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/hb_nvd/nvdcve-1.1-2022.json.gz
--------------------------------------------------------------------------------
/src/site/resources/hb_nvd/nvdcve-1.1-2022.meta:
--------------------------------------------------------------------------------
1 | lastModifiedDate:2022-10-20T03:00:10-04:00
2 | size:70380337
3 | zipSize:3822198
4 | gzSize:3822062
5 | sha256:24A334852A8852A6606D8CFD4A0A69ADE47908856E3A73655F08367ADE44D4E0
6 |
--------------------------------------------------------------------------------
/src/site/resources/hb_nvd/nvdcve-1.1-modified.json.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/hb_nvd/nvdcve-1.1-modified.json.gz
--------------------------------------------------------------------------------
/src/site/resources/hb_nvd/nvdcve-1.1-modified.meta:
--------------------------------------------------------------------------------
1 | lastModifiedDate:2022-10-20T06:00:02-04:00
2 | size:8202348
3 | zipSize:442810
4 | gzSize:442666
5 | sha256:0EBBD2280373FEF52BEA50ED682329D5941C9BA0E0530A911E71EAE21BC464AE
6 |
--------------------------------------------------------------------------------
/src/site/resources/images/logos/jprofiler.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/images/logos/jprofiler.png
--------------------------------------------------------------------------------
/src/site/resources/images/logos/logo_intellij_idea.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/site/resources/images/logos/logo_intellij_idea.png
--------------------------------------------------------------------------------
/src/test/manual-test-proxy-auth/debian.conf.override:
--------------------------------------------------------------------------------
1 | #
2 | # Squid configuration settings for Debian
3 | #
4 |
5 | # Logs are managed by logrotate on Debian
6 | logfile_rotate 0
7 | # Increase log-level for Hypertext Transfer Protocol (HTTP) to see more detail on auth
8 | debug_options ALL,1 11,2
9 |
10 | # For extra security Debian packages only allow
11 | # localhost to use the proxy on new installs
12 | #
13 | # http_access allow localnet
14 |
--------------------------------------------------------------------------------
/src/test/manual-test-proxy-auth/squid-auth-for-localnet.conf:
--------------------------------------------------------------------------------
1 | # configure basic auth ACL with our passwordfile
2 | auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
3 | auth_param basic realm proxy
4 | acl authenticated proxy_auth REQUIRED
5 | # now grant authenticaed HTTP access using the ACL above from
6 | # localnet IP addresses (an ACL already defined in container's squid.conf)
7 | http_access allow authenticated localnet
--------------------------------------------------------------------------------
/src/test/manual-test-proxy-auth/start-docker-squidproxy-with-auth:
--------------------------------------------------------------------------------
1 | docker run --rm -d --name odc-squid-testproxy -e TZ=UTC -v $(pwd)/debian.conf.override:/etc/squid/conf.d/debian.conf:ro -v $(pwd)/squid-auth-for-localnet.conf:/etc/squid/conf.d/squid-auth-for-localnet.conf:ro -v $(pwd)/user-proxy-passwd-insecure:/etc/squid/passwords:ro -p 127.0.0.1:53128:3128 -p ::1:53128:3128 ubuntu/squid:5.2-22.04_beta
2 |
3 |
--------------------------------------------------------------------------------
/src/test/manual-test-proxy-auth/stop-docker-squidproxy-with-auth:
--------------------------------------------------------------------------------
1 | docker stop odc-squid-testproxy
2 |
3 |
--------------------------------------------------------------------------------
/src/test/manual-test-proxy-auth/user-proxy-passwd-insecure:
--------------------------------------------------------------------------------
1 | proxy:$apr1$n1cgKVJ4$.3IE1rLwMCAPnOLZMadZ5/
2 |
--------------------------------------------------------------------------------
/src/test/resources/aopalliance-1.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/aopalliance-1.0.jar
--------------------------------------------------------------------------------
/src/test/resources/axis-1.4.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/axis-1.4.jar
--------------------------------------------------------------------------------
/src/test/resources/commons-cli-1.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/commons-cli-1.2.jar
--------------------------------------------------------------------------------
/src/test/resources/commons-validator-1.4.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/commons-validator-1.4.0.jar
--------------------------------------------------------------------------------
/src/test/resources/data.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/data.zip
--------------------------------------------------------------------------------
/src/test/resources/install.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "http://json.schemastore.org/install",
3 | "resources": {
4 | "head": [],
5 | "body": []
6 | },
7 | "options": {
8 | "properties": {}
9 | },
10 | "preview": {
11 | "handlers": []
12 | },
13 | "hooks": [],
14 | "dns": []
15 | }
--------------------------------------------------------------------------------
/src/test/resources/jaxb-xercesImpl-1.5.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/jaxb-xercesImpl-1.5.jar
--------------------------------------------------------------------------------
/src/test/resources/org.mortbay.jetty.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/org.mortbay.jetty.jar
--------------------------------------------------------------------------------
/src/test/resources/org.mortbay.jmx.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/org.mortbay.jmx.jar
--------------------------------------------------------------------------------
/src/test/resources/requirements.txt:
--------------------------------------------------------------------------------
1 | #
2 | # This file has comments and blank lines to make sure they are ignored
3 | #
4 |
5 | certifi==2018.4.16
6 | chardet==3.0.4
7 | click==6.7
8 | Flask==0.10.1
9 | Flask-Cors==3.0.6
10 | Flask-Spyne==0.3.1
11 | httplib2==0.11.3
12 | idna==2.7
13 | itsdangerous==0.24
14 | Jinja2==2.10
15 | lxml==4.2.1
16 | MarkupSafe==1.0
17 | pymongo==3.6.1
18 | PySimpleSOAP==1.16.2
19 | pytz==2018.4
20 | PyYAML==3.12
21 |
22 | requests==2.19.1
23 | sec-wall==1.2
24 | six==1.11.0
25 | spyne==2.12.14
26 | suds-jurko==0.6
27 | urllib3
28 | Werkzeug>=0.14.1
29 | cryptography~=1.8.2
--------------------------------------------------------------------------------
/src/test/resources/spring-core-3.0.0.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/spring-core-3.0.0.RELEASE.jar
--------------------------------------------------------------------------------
/src/test/resources/struts.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/struts.jar
--------------------------------------------------------------------------------
/src/test/resources/velocity-1.7.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dependency-check/DependencyCheck/0e0cd58ee2d3ce75979b6160e6b1ad5fbeb34d8b/src/test/resources/velocity-1.7.jar
--------------------------------------------------------------------------------
/utils/src/main/java/org/owasp/dependencycheck/utils/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Includes various utility classes such as a Settings wrapper, utilities to make URL Connections, etc.
3 | */
4 | package org.owasp.dependencycheck.utils;
5 |
--------------------------------------------------------------------------------
/utils/src/main/java/org/owasp/dependencycheck/utils/processing/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Classes used to process the output of external calls.
3 | */
4 | package org.owasp.dependencycheck.utils.processing;
5 |
--------------------------------------------------------------------------------
/utils/src/main/java/org/owasp/dependencycheck/utils/search/package-info.java:
--------------------------------------------------------------------------------
1 | /**
2 | * Includes search utilities that might be useful to other projects.
3 | */
4 | package org.owasp.dependencycheck.utils.search;
5 |
--------------------------------------------------------------------------------
/utils/src/site/markdown/index.md:
--------------------------------------------------------------------------------
1 | About
2 | =====
3 | OWASP dependency-check-utils is a collection of common utility classes used within dependency-check
4 | that might be useful in other projects.
--------------------------------------------------------------------------------
/utils/src/test/resources/SearchTest.txt:
--------------------------------------------------------------------------------
1 | /*! SomeTest v0.3.1 | (c) Jeremy Long and other contributors | Apache License 2.0 */
2 |
--------------------------------------------------------------------------------
/utils/src/test/resources/checkSumTest.file:
--------------------------------------------------------------------------------
1 | this is a test file used to check the checksums.
--------------------------------------------------------------------------------
/utils/src/test/resources/logback-test.xml:
--------------------------------------------------------------------------------
1 |
2 | dependency-check
3 |
4 |
5 | System.out
6 |
7 | [%level] %msg%n
8 |
9 |
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/utils/src/test/resources/test.properties:
--------------------------------------------------------------------------------
1 | proxy.port=80
--------------------------------------------------------------------------------