Uses of Class
org.owasp.dependencycheck.analyzer.AbstractAnalyzer
Packages that use AbstractAnalyzer
Package
Description
Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
Uses of AbstractAnalyzer in org.owasp.dependencycheck.analyzer
Subclasses of AbstractAnalyzer in org.owasp.dependencycheck.analyzer
Modifier and Type
Class
Description
class  This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped.
class  The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.
class  An abstract NPM analyzer that contains common methods for concrete implementations.
class  Abstract base suppression analyzer that contains methods for parsing the suppression XML file.
class  An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the dependency list.
class  Analyzer which will attempt to locate a dependency, and the GAV information, by querying Artifactory for the dependency's hashes digest.
class  Analyzer for getting company, product, and version information from a .NET assembly.
class  Used to analyze Autoconf input files named configure.ac or configure.in.
class  This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from Cartfile files.
class  Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest.
class  Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.
class  This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from .podspec files.
class  Used to analyze a composer.lock file for a composer PHP app.
class  CPEAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CPE.
class  This is no longer used as a standalone analyzer; rather this is called by the CPE Analyzer directly.
class  This analyzer is used to analyze Dart packages by collecting information from pubspec lock and yaml files.
class  This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped.
class  This analyzer will merge dependencies, created from different sources, into a single dependency.
class
class  This analyzer attempts to remove some well known false positives - specifically regarding the java runtime.
class  Takes a dependency and analyzes the filename and determines the hashes.
class  Go lang dependency analyzer.
class  Go mod dependency analyzer.
class  This analyzer adds evidence to dependencies to enhance the accuracy of library identification.
class  Used to load a JAR file and collect information that can be used to determine the associated CPE.
class  This analyzer adds information about known exploited vulnerabilities.
class  Analyzer which parses a libman.json file to gather module information.
class  Analyzes MS Project files for dependencies.
class  Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency.
class  Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API.
class  Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the associated CPE.
class  NpmCPEAnalyzer takes a project dependency and attempts to discern if there is an associated CPE.
class  Analyzer which parses a Nuget packages.config file to gather module information.
class  Analyzer which will parse a Nuspec file to gather module information.
class  NvdCveAnalyzer is a utility class that takes a project dependency and attempts to discern if there are any associated CVEs.
class  Used to analyze OpenSSL source code present in the file system.
class  Enrich dependency information from Sonatype OSS index.
class  Takes a dependency and analyzes the PE header for meta data that can be used to identify the library.
class  Used to analyze Perl CPAN files.
class  Used to analyze Maven pinned dependency files named *install*.json, a Java Maven dependency lockfile like Python's requirements.txt.
class  Used to analyze pip dependency files named requirements.txt.
class  Used to analyze dependencies defined in Pipfile.
class  Used to analyze dependencies defined in Pipfile.lock.
class
class  Poetry dependency analyzer.
class  Used to analyze Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used to determine the associated CPE.
class  Used to analyze a Python package, and collect information that can be used to determine the associated CPE.
class  The RetireJS analyzer uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components.
class  Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool.
class  This analyzer accepts the fully resolved .gemspec created by the Ruby bundler (http://bundler.io) for better evidence results.
class  Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE.
class  This analyzer is used to analyze the SWIFT Package Manager (https://swift.org/package-manager/).
class  This analyzer is used to analyze the SWIFT Package Resolved (https://swift.org/package-manager/).
class  Log the unused suppression rules.
class  This analyzer attempts to filter out erroneous version numbers collected.
class  The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema.
class