Package org.owasp.dependencycheck.analyzer
package org.owasp.dependencycheck.analyzer
Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
-
ClassDescriptionBase class for analyzers to avoid code duplication of prepare and close as most analyzers do not need these methods.This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped.The base FileTypeAnalyzer that all analyzers that have specific file types they analyze should extend.An abstract NPM analyzer that contains common methods for concrete implementations.Abstract base suppression analyzer that contains methods for parsing the suppression XML file.An enumeration defining the phases of analysis.An interface that defines an Analyzer that is used to identify Dependencies.The Analyzer Service Loader.An analyzer that extracts files from archives and ensures any supported files contained within the archive are added to the dependency list.Analyzer which will attempt to locate a dependency, and the GAV information, by querying Artifactory for the dependency's hashes digest.Analyzer for getting company, product, and version information from a .NET assembly.Used to analyze Autoconf input files named configure.ac or configure.in.This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from Cartfile files.Analyzer which will attempt to locate a dependency, and the GAV information, by querying Central for the dependency's SHA-1 digest.Used to analyze CMake build files, and collect information that can be used to determine the associated CPE.This analyzer is used to analyze SWIFT and Objective-C packages by collecting information from .podspec files.Used to analyze a composer.lock file for a composer PHP app.CPEAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CPE.This is no longer used as a standalone analyzer; rather this is called by the CPE Analyzer directly.This analyzer is used to analyze Dart packages by collecting information from pubspec lock and yaml files.This analyzer ensures dependencies that should be grouped together, to remove excess noise from the report, are grouped.This analyzer will merge dependencies, created from different source, into a single dependency.Annotation used to flag an analyzer as experimental.This analyzer attempts to remove some well known false positives - specifically regarding the java runtime.Takes a dependency and analyzes the filename and determines the hashes.An Analyzer that scans specific file types.Go lang dependency analyzer.Go mod dependency analyzer.This analyzer adds evidence to dependencies to enhance the accuracy of library identification.Used to load a JAR file and collect information that can be used to determine the associated CPE.Stores information about a class name.This analyzer adds information about known exploited vulnerabilities.Analyzer which parses a libman.json file to gather module information.Analyzes MS Project files for dependencies.Analyzer which will attempt to locate a dependency on a Nexus service by SHA-1 digest of the dependency.Used to analyze Node Package Manager (npm) package-lock.json and npm-shrinkwrap.json files via NPM Audit API.Used to analyze Node Package Manager (npm) package.json files, and collect information that can be used to determine the associated CPE.NpmCPEAnalyzer takes a project dependency and attempts to discern if there is an associated CPE.Analyzer which parses a Nuget packages.config file to gather module information.Analyzer which will parse a Nuspec file to gather module information.NvdCveAnalyzer is a utility class that takes a project dependency and attempts to discern if there is an associated CVEs.Used to analyze OpenSSL source code present in the file system.Enrich dependency information from Sonatype OSS index.Takes a dependency and analyze the PE header for meta data that can be used to identify the library.Used to analyze Perl CPAN files.Used to analyze Maven pinned dependency files named
*install*.json, a Java Maven dependency lockfile like Python'srequirements.txt.Used to analyze pip dependency files named requirements.txt.Used to analyze dependencies defined in Pipfile.Used to analyze dependencies defined in Pipfile.lock.Poetry dependency analyzer.Used to analyze a Wheel or egg distribution files, or their contents in unzipped form, and collect information that can be used to determine the associated CPE.Used to analyze a Python package, and collect information that can be used to determine the associated CPE.Annotation used to flag an analyzer as retired.The RetireJS analyzer uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components.Used to analyze Ruby Bundler Gemspec.lock files utilizing the 3rd party bundle-audit tool.This analyzer accepts the fully resolved .gemspec created by the Ruby bundler (http://bundler.io) for better evidence results.Used to analyze Ruby Gem specifications and collect information that can be used to determine the associated CPE.This analyzer is used to analyze the SWIFT Package Manager (https://swift.org/package-manager/).This analyzer is used to analyze the SWIFT Package Resolved (https://swift.org/package-manager/).Log the unused suppression rules.This analyzer attempts to filter out erroneous version numbers collected.The suppression analyzer processes an externally defined XML document that complies with the suppressions.xsd schema.