Uses of Class
org.owasp.dependencycheck.Engine
Packages that use Engine
Package
Description
Includes the main entry point for dependency-check.
The agent package holds an agent API that can be used by other applications that have information about dependencies; but would
rather implement something in their code directly rather then spawn a process to run the entire dependency-check engine.
Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
Contains classes used to update the data stores.
The UpdateService will load, any correctly defined CachedWebDataSource(s) and call update() on them.
The UpdateService will load, any correctly defined CachedWebDataSource(s) and call update() on them.
Classes used to process the output of external tools.
Includes various utility classes such as a Settings wrapper, a Checksum utility, etc.
-
Uses of Engine in org.owasp.dependencycheck
Constructors in org.owasp.dependencycheck with parameters of type EngineModifierConstructorDescriptionAnalysisTask(Analyzer analyzer, Dependency dependency, Engine engine, List<Throwable> exceptions) Creates a new analysis task. -
Uses of Engine in org.owasp.dependencycheck.agent
Methods in org.owasp.dependencycheck.agent that return Engine -
Uses of Engine in org.owasp.dependencycheck.analyzer
Methods in org.owasp.dependencycheck.analyzer with parameters of type EngineModifier and TypeMethodDescriptionfinal voidAbstractAnalyzer.analyze(Dependency dependency, Engine engine) Analyzes a given dependency.voidAnalyzer.analyze(Dependency dependency, Engine engine) Analyzes the given dependency.protected abstract voidAbstractAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes a given dependency.protected voidAbstractDependencyComparingAnalyzer.analyzeDependency(Dependency ignore, Engine engine) Analyzes a set of dependencies.protected voidAbstractSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) voidArchiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes a given dependency.voidArtifactoryAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis.voidAssemblyAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis on a single Dependency.protected voidAutoconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidCarthageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) voidCentralAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis.protected voidCMakeAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes python packages and adds evidence to the dependency.protected voidCocoaPodsAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidComposerLockAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Entry point for the analyzer.protected voidCPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.protected voidCpeSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidDartAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidElixirMixAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Determines if the analyzer can analyze the given file type.protected voidFalsePositiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes the dependencies and removes bad/incorrect CPE associations based on various heuristics.protected voidFileNameAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Collects information about the file name.protected voidGolangDepAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes go packages and adds evidence to the dependency.protected voidGolangModAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes go packages and adds evidence to the dependency.protected voidHintAnalyzer.analyzeDependency(Dependency dependency, Engine engine) The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities.voidJarAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE information.protected voidKnownExploitedVulnerabilityAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Adds information about the known exploited vulnerabilities to the analysis.voidLibmanAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis.protected voidMSBuildProjectAnalyzer.analyzeDependency(Dependency dependency, Engine engine) voidNexusAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis.protected voidNodeAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidNodePackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidNpmCPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.voidNugetconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis.voidNuspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Performs the analysis.protected voidNvdCveAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.protected voidOpenSSLAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes python packages and adds evidence to the dependency.protected voidOssIndexAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Collects information about the file name.protected voidPerlCpanfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPinnedMavenInstallAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPipAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPipfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPipfilelockAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPnpmAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes the pnpm lock file to determine vulnerable dependencies.protected voidPoetryAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes poetry packages and adds evidence to the dependency.protected voidPythonDistributionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidPythonPackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes python packages and adds evidence to the dependency.voidRetireJsAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes the specified JavaScript file.protected voidRubyBundleAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Determines if the analyzer can analyze the given file type.protected voidRubyBundlerAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidRubyGemspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidSwiftPackageManagerAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidSwiftPackageResolvedAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidUnusedSuppressionRuleAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidVersionFilterAnalyzer.analyzeDependency(Dependency dependency, Engine engine) The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities.protected voidVulnerabilitySuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) protected voidYarnAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) Analyzes the yarn lock file to determine vulnerable dependencies.protected booleanJarAnalyzer.analyzePOM(Dependency dependency, List<JarAnalyzer.ClassNameInformation> classes, Engine engine) Attempts to find a pom.xml within the JAR file.protected voidUnusedSuppressionRuleAnalyzer.checkUnusedRules(Engine engine) check unused suppression RULES.protected DependencyAbstractNpmAnalyzer.findDependency(Engine engine, String name, String version) Locates the dependency from the list of dependencies that have been scanned by the engine.static intAbstractSuppressionAnalyzer.getRuleCount(Engine engine) Returns the number of suppression rules currently loaded in the engine.final voidInitialize the abstract analyzer.voidThe prepare method is called (once) prior to the analyze method being called on all of the dependencies.protected voidAbstractAnalyzer.prepareAnalyzer(Engine engine) Prepares a given Analyzer.protected final voidAbstractFileTypeAnalyzer.prepareAnalyzer(Engine engine) Initializes the analyzer.voidAbstractSuppressionAnalyzer.prepareAnalyzer(Engine engine) The prepare method loads the suppression XML file.voidCPEAnalyzer.prepareAnalyzer(Engine engine) Creates the CPE Lucene Index.voidHintAnalyzer.prepareAnalyzer(Engine engine) The prepare method does nothing for this Analyzer.voidKnownExploitedVulnerabilityAnalyzer.prepareAnalyzer(Engine engine) The prepare method does nothing for this Analyzer.protected voidOssIndexAnalyzer.prepareAnalyzer(Engine engine) protected abstract voidAbstractFileTypeAnalyzer.prepareFileTypeAnalyzer(Engine engine) Prepares the file type analyzer for dependency analysis.protected voidAbstractNpmAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.voidArchiveAnalyzer.prepareFileTypeAnalyzer(Engine engine) The prepare method does nothing for this Analyzer.voidArtifactoryAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.voidAssemblyAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initialize the analyzer.protected voidAutoconfAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the file type analyzer.protected voidCarthageAnalyzer.prepareFileTypeAnalyzer(Engine engine) voidCentralAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.protected voidCMakeAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer.protected voidCocoaPodsAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidComposerLockAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer.protected voidDartAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidElixirMixAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidGolangDepAnalyzer.prepareFileTypeAnalyzer(Engine engine) No-op initializer implementation.protected voidGolangModAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initialize the go mod analyzer; ensures that go is installed and can be called.voidJarAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the JarAnalyzer.voidLibmanAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.protected voidMSBuildProjectAnalyzer.prepareFileTypeAnalyzer(Engine engine) voidNexusAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.protected voidNodePackageAnalyzer.prepareFileTypeAnalyzer(Engine engine) Performs validation on the configuration to ensure that the correct analyzers are in place.voidNugetconfAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.voidNuspecAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.protected voidOpenSSLAnalyzer.prepareFileTypeAnalyzer(Engine engine) No-op initializer implementation.protected voidPEAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidPerlCpanfileAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidPinnedMavenInstallAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidPipAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the file type analyzer.protected voidPipfileAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the file type analyzer.protected voidPipfilelockAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the file type analyzer.protected voidPnpmAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.protected voidPoetryAnalyzer.prepareFileTypeAnalyzer(Engine engine) No-op initializer implementation.protected voidPythonDistributionAnalyzer.prepareFileTypeAnalyzer(Engine engine) Makes sure a usable temporary directory is available.protected voidPythonPackageAnalyzer.prepareFileTypeAnalyzer(Engine engine) No-op initializer implementation.protected voidRetireJsAnalyzer.prepareFileTypeAnalyzer(Engine engine) Prepares the file type analyzer for dependency analysis.voidRubyBundleAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initialize the analyzer.protected voidRubyGemspecAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidSwiftPackageManagerAnalyzer.prepareFileTypeAnalyzer(Engine engine) protected voidSwiftPackageResolvedAnalyzer.prepareFileTypeAnalyzer(Engine engine) voidVersionFilterAnalyzer.prepareFileTypeAnalyzer(Engine engine) No initialization required for this analyzer.protected voidYarnAuditAnalyzer.prepareFileTypeAnalyzer(Engine engine) Initializes the analyzer once before any analysis is performed.protected voidPerlCpanfileAnalyzer.processFileContents(List<String> fileLines, String filePath, Engine engine) protected voidAbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, jakarta.json.JsonArray jsonArray, String depType) Processes a part of package.json (as defined by JsonArray) and update the specified dependency with relevant info.protected voidAbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, jakarta.json.JsonObject jsonObject, String depType) Processes a part of package.json (as defined by JsonObject) and update the specified dependency with relevant info.protected voidAbstractNpmAnalyzer.processResults(List<Advisory> advisories, Engine engine, Dependency dependency, org.apache.commons.collections4.MultiValuedMap<String, String> dependencyMap) Processes the advisories creating the appropriate dependency objects and adding the resulting vulnerabilities. -
Uses of Engine in org.owasp.dependencycheck.data.update
Methods in org.owasp.dependencycheck.data.update with parameters of type EngineModifier and TypeMethodDescriptionbooleanDeletes any locally cached data.booleanbooleanbooleanbooleanbooleanbooleanDetermines if an update to the current data store is needed, if it is the new data is downloaded from the Internet and imported into the current cached data store.booleanDownloads the current released version number and compares it to the running engine's version number.booleanDownloads the current Hosted suppressions file.booleanbooleanbooleanDownloads the current RetireJS data source. -
Uses of Engine in org.owasp.dependencycheck.processing
Constructors in org.owasp.dependencycheck.processing with parameters of type EngineModifierConstructorDescriptionBundlerAuditProcessor(Dependency gemDependency, Engine engine) Constructs a new processor to consume the output of `bundler-audit`.GoModProcessor(Dependency goDependency, Engine engine) Constructs a new processor to consume the output of `go list -m -json all`.MixAuditProcessor(Dependency mixDependency, Engine engine) Constructs a new processor to consume the output of `mix_audit`. -
Uses of Engine in org.owasp.dependencycheck.utils
Methods in org.owasp.dependencycheck.utils with parameters of type EngineModifier and TypeMethodDescriptionstatic voidExtractionUtil.extractFiles(File archive, File extractTo, Engine engine) Extracts the contents of an archive into the specified directory.