All Classes and Interfaces
Class
Description
Base class for analyzers to avoid code duplication of prepare and close as
most analyzers do not need these methods.
This analyzer ensures dependencies that should be grouped together, to remove
excess noise from the report, are grouped.
The base FileTypeAnalyzer that all analyzers that have specific file types
they analyze should extend.
An in memory Lucene index that contains the vendor/product combinations from
the CPE (application) identifiers within the NVD CVE data.
An abstract NPM analyzer that contains common methods for concrete
implementations.
Abstract base suppression analyzer that contains methods for parsing the
suppression XML file.
An abstract tokenizing filter that can be used as the base for a tokenizing
filter.
The NPM Audit API responds with 0 or more advisories.
A simple alphanumeric filter that removes non-alphanumeric characters from
the terms.
An exception thrown when the analysis of a dependency fails.
An enumeration defining the phases of analysis.
Task to support parallelism of dependency-check analysis.
An interface that defines an Analyzer that is used to identify Dependencies.
The Analyzer Service Loader.
Utility application to process and serialize the CWE data.
An analyzer that extracts files from archives and ensures any supported files
contained within the archive are added to the dependency list.
An exception thrown when files in an archive cannot be extracted.
Analyzer which will attempt to locate a dependency, and the GAV information,
by querying Artifactory for the dependency's hashes digest.
Class of methods to search Artifactory for hashes and determine Maven GAV
from there.
Analyzer for getting company, product, and version information from a .NET
assembly.
A simple collection of .NET assembly data as collected from GrokAssembly.
Used to analyze Autoconf input files named configure.ac or configure.in.
Processor for the output of bundler-audit.
Defines a data source whose data is retrieved from the Internet.
This analyzer is used to analyze SWIFT and Objective-C packages by collecting
information from Cartfile files.
Analyzer which will attempt to locate a dependency, and the GAV information,
by querying Central for the dependency's SHA-1 digest.
Class of methods to search Maven Central via Central.
Copied from JFrog's artifactory client.
Used to analyze CMake build files, and collect information that can be used
to determine the associated CPE.
This analyzer is used to analyze SWIFT and Objective-C packages by collecting
information from .podspec files.
Represents a dependency (GAV, right now) from a Composer dependency.
Represents an exception when handling a composer.json or composer.lock file.
Used to analyze a composer.lock file for a composer PHP app.
Parses a Composer.lock file from an input stream.
A confidence enumeration.
An exception used to indicate the db4o database is corrupt.
An exception used when data corruption is detected on an NVD CVE Datastream file.
CPEAnalyzer is a utility class that takes a project dependency and attempts
to discern if there is an associated CPE.
A CPE Identifier for a dependency object.
An in memory Lucene index that contains the vendor/product combinations from
the CPE (application) identifiers within the NVD CVE data.
A simple wrapper object that allows one to carry the ecosystem along with the
CPE.
This is no longer used as a standalone analyzer; rather this is called by the
CPE Analyzer directly.
The database holding information about the NVD CVE data.
Utility for mapping CVEs to their ecosystems.
Utility for processing DefCveItem in order to extract key values
like textual description and ecosystem type.
Utility class to create CVSS Objects.
A SAX Handler that will parse the CWE XML.
Collection of CWEs with a pretty print implemented in the toString().
This analyzer is used to analyze Dart packages by collecting information from
pubspec lock and yaml files.
An exception thrown if an operation against the database fails.
Loads the configured database driver and returns the database connection.
This is a wrapper around a set of properties that are stored in the database.
A generic wrapper for the Java Caching System (JCS).
Factory to instantiate cache repositories.
Collection of utility methods for working with database objects.
A program dependency.
This analyzer ensures dependencies that should be grouped together, to remove
excess noise from the report, are grouped.
This class provides a way to easily conduct a scan solely based on existing
evidence metadata rather than collecting evidence from the files themselves.
This analyzer will merge dependencies, created from different source, into a
single dependency.
An exception used when a dependency could not be found.
Simple object to track the parts of a version number.
A utility class to extract version numbers from file names (or other strings
containing version numbers).
Helper utility for mapping CVEs to their ecosystems based on the description.
Enumeration used for mapping CVEs to their ecosystems based on the
description.
Represents the developer node within the pom.xml.
Parses `Directory.Build.props`.
Parses a nuget's Directory.Packages.props file using XPath.
A callable object to download the NVD API cache files and start the
NvdApiProcessor.
DriverLoader is a utility class that is used to load database drivers.
An exception thrown when the database driver cannot be loaded.
Collection of the standard ecosystems for dependency-check.
Scans files, directories, etc. for Dependencies.
Engine execution modes.
Checks the gh-pages dependency-check site to determine the current released
version number.
An extremely simple wrapper around various escape utils to perform URL and
HTML encoding within the reports.
Evidence is a piece of information about a Dependency.
EvidenceMatcher can match one or more Evidences.
The types of evidence.
A collection of several exceptions.
Annotation used to flag an analyzer as experimental.
Set of utilities to extract files from archives.
This analyzer attempts to remove some well known false positives -
specifically regarding the java runtime.
Fields is a collection of field names used within the Lucene index for CPE
entries.
Utility class for building useful FileFilter instances for
AbstractFileTypeAnalyzer implementations.
Copied from JFrog's artifactory client.
Takes a dependency and analyzes the filename and determines the hashes.
An Analyzer that scans specific file types.
This is an abstract filter that can be used to filter iterable list.
An identifier such as a CPE or dependency coordinates (i.e.
Go lang dependency analyzer.
Go mod dependency analyzer.
Represents a Go module dependency.
Parses json output from `go list -json -m all`.
Processor for the output of `go list -m -json all`.
Processor for the output of GrokAssembly.exe.
An XML parsing error handler.
A handler to read Grok Assembly XML files.
An exception used when parsing a grok assembly XML file fails.
A simple validating parser for Grok Assembly XML files.
Stored procedures for the H2 database.
This analyzer adds evidence to dependencies to enhance the accuracy of
library identification.
An XML parsing error handler.
A handler to load hint rules.
An exception used when parsing a suppression rule file fails.
A simple validating parser for XML Hint Rules.
A collection of product and vendor evidence to match; if any evidence is
matched the addVendor and addProduct evidence should be added to the
dependency.
The Identifier used to label dependencies.
POJO to store a reference to the "included by" node in a dependency tree;
where included by is the root node that caused a dependency to be included.
A CPE entry containing the name, vendor, product, and version.
An exception thrown when there is an issue using the in-memory CPE Index.
An exception used when initializing analyzers.
The syntax style for the interpolation.
An InvalidDataDataException is a generic exception used when trying to load
the NVD CVE meta data.
Copied from JFrog's artifactory client.
Used to load a JAR file and collect information that can be used to determine
the associated CPE.
Stores information about a class name.
CISA Catalog of Known Exploited Vulnerabilities
This analyzer adds information about known exploited vulnerabilities.
An exception intended to be used within a lambda expression as checked
exceptions cannot be used within lambdas.
Analyzer which parses a libman.json file to gather module information.
Lucene utils is a set of utilities written to make constructing Lucene queries
simpler.
Simple bean representing a Maven Artifact.
Parses json output from `mix_audit --format json`.
Processor for the output of `mix_audit`.
Represents a single vulnerability result from `mix_audit --format json`.
A simple pojo to hold data related to a Maven POM file.
Analyzes MS Project files for dependencies.
Exception during the parsing of a MSBuild Project file.
Analyzer which will attempt to locate a dependency on a Nexus service by
SHA-1 digest of the dependency.
Class of methods to search Nexus repositories.
Class of methods to search Nexus v3 repositories.
An exception used when the data needed does not exist to perform analysis.
Used to analyze Node Package Manager (npm) package-lock.json and
npm-shrinkwrap.json files via NPM Audit API.
Class of methods to search via Node Audit API.
Used to analyze Node Package Manager (npm) package.json files, and collect
information that can be used to determine the associated CPE.
Parser for NPM Audit API response.
NpmCPEAnalyzer takes a project dependency and attempts to discern if there is
an associated CPE.
An in memory Lucene index that contains the vendor/product combinations from
the CPE (application) identifiers within the NVD CVE data.
Class used to create the payload to submit to the NPM Audit API service.
Analyzer which parses a Nuget packages.config file to gather module
information.
Exception during the parsing of a packages.config file.
Represents the contents of a Nuspec manifest.
Represents a reference to a NuGet package and version.
Analyzer which will parse a Nuspec file to gather module information.
Exception during the parsing of a Nuspec file.
Stores a collection of NVD CVE Data from the NVD API into the database.
NvdCveAnalyzer is a utility class that takes a project dependency and
attempts to discern if there are associated CVEs.
ODC connection transport is used instead of HttpUrlConnectionTransport
because the proxy information is already configured.
Used to analyze OpenSSL source code present in the file system.
Enrich dependency information from Sonatype OSS index.
Produces OssindexClient instances.
A generic pair of elements.
An exception thrown when a parsing error occurs.
Takes a dependency and analyzes the PE header for metadata that can be used
to identify the library.
This includes a copy of PE.read(IDataReader) and a couple of private methods
with some added error handling to swallow EOFExceptions when reading certain
sections of the file, to be a bit more lenient on some "corrupt" (or not fully
handled) dlls, per ...
Used to analyze Perl CPAN files.
Used to analyze Maven pinned dependency files named *install*.json, a
Java Maven dependency lockfile like Python's requirements.txt.
Used to analyze pip dependency files named requirements.txt.
Used to analyze dependencies defined in Pipfile.
Used to analyze dependencies defined in Pipfile.lock.
Poetry dependency analyzer.
A handler to read the pom.xml model.
An exception used when parsing a suppression rule file fails.
A parser for pom.xml files.
Filters everything in an input stream prior to the <project> element.
A simple PropertyType used to represent a string value that could be used as
a regular expression or could be case insensitive.
The Package-URL Identifier implementation.
A utility class to handle Python Packaging Authority (PyPA) core metadata files.
Used to analyze a Wheel or egg distribution files, or their contents in
unzipped form, and collect information that can be used to determine the
associated CPE.
Used to analyze a Python package, and collect information that can be used to
determine the associated CPE.
An external reference for a vulnerability.
An exception used when generating reports.
The ReportGenerator is used to, as the name implies, generate reports.
An enumeration of the report formats.
Utilities to format items in the Velocity reports.
Annotation used to flag an analyzer as retired.
The RetireJS analyzer uses the manually curated list of vulnerabilities from
the RetireJS community along with the necessary information to assist in
identifying vulnerable components.
Downloads a local copy of the RetireJS repository.
Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party
bundle-audit tool.
This analyzer accepts the fully resolved .gemspec created by the Ruby bundler
(http://bundler.io) for better evidence results.
Used to analyze Ruby Gem specifications and collect information that can be
used to determine the associated CPE.
An exception used when using DependencyCheckScanAgent to conduct a
scan and the scan fails.
An exception thrown when an online searching fails (such as NPM).
A Lucene field analyzer used to analyze queries against the CPE data.
Utility to estimate severity level scores.
Add method for String and IHitFull.
An XML parsing error handler.
A handler to load suppression rules.
An exception used when parsing a suppression rule file fails.
A simple validating parser for XML Suppression Rules.
This analyzer is used to analyze the SWIFT Package Manager
(https://swift.org/package-manager/).
This analyzer is used to analyze the SWIFT Package Resolved
(https://swift.org/package-manager/).
Takes a TokenStream and adds additional tokens by concatenating pairs of
words.
An exception intended to be used in situations that should never occur.
Log the unused suppression rules.
An exception used when an error occurs reading a setting.
The CachedWebDataSource Service Loader.
Takes a TokenStream, looks for URLs, and breaks them into separate tokens.
Used to duplicate vendor evidence within a collection.
This analyzer attempts to filter out erroneous version numbers collected.
Contains the information about a vulnerability.
An enumeration for the source of vulnerability.
The suppression analyzer processes an externally defined XML document that
complies with the suppressions.xsd schema.
A record containing information about vulnerable software.
A builder for VulnerableSoftware objects.
A lock file implementation; creates a custom lock file so that only a single
instance of dependency-check can update a given resource.
A cleanup hook that will register with the JVM to remove the WriteLock file
during an unexpected shutdown.
An exception used when trying to obtain a lock on a resource.
Definition of the shutdown hook used during an unexpected shutdown while
updating a resource.
Simple factory to instantiate the Write Lock Shutdown Hook.
This is a utility class to convert named XML Entities (such as ø) into
its HTML encoded Unicode code point (i.e.
Cleans up often very bad XML.
Parses a MSBuild project file for NuGet references using XPath.
Parse a packages.config file using XPath.
Parse a Nuspec file using XPath.