Package org.owasp.dependencycheck.analyzer

Class NvdCveAnalyzer

  • All Implemented Interfaces:
    Analyzer
    @ThreadSafe
public class NvdCveAnalyzer
extends AbstractAnalyzer
    NvdCveAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CVEs. It uses the the identifiers found by other analyzers to lookup the CVE data.
    Author:
    Jeremy Long

    • Constructor Detail

      • NvdCveAnalyzer

        public NvdCveAnalyzer()

    • Method Detail

      • analyzeDependency

        protected void analyzeDependency​(Dependency dependency,
                                 Engine engine)
                          throws AnalysisException
        Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.
        Specified by:
        analyzeDependency in class AbstractAnalyzer
        Parameters:
        dependency - The Dependency to analyze
        engine - The analysis engine
        Throws:
        AnalysisException - thrown if there is an issue analyzing the dependency

      • getName

        public java.lang.String getName()
        Returns the name of this analyzer.
        Returns:
        the name of this analyzer.

      • getAnalysisPhase

        public AnalysisPhase getAnalysisPhase()
        Returns the analysis phase that this analyzer should run in.
        Returns:
        the analysis phase that this analyzer should run in.

      • getAnalyzerEnabledSettingKey

        protected java.lang.String getAnalyzerEnabledSettingKey()

        Returns the setting key to determine if the analyzer is enabled.

        Specified by:
        getAnalyzerEnabledSettingKey in class AbstractAnalyzer
        Returns:
        the key for the analyzer's enabled property