Uses of Class org.owasp.dependencycheck.dependency.Dependency
Packages that use Dependency
Package | Description
Includes the main entry point for dependency-check.
The agent package holds an agent API that can be used by other applications that already have information about dependencies but would rather implement something in their own code directly than spawn a process to run the entire dependency-check engine.
Analyzers are used to inspect the identified dependencies, collect Evidence, and process the dependencies.
Contains classes related to searching Artifactory Maven repository.
These are used to abstract Artifactory searching away from OWASP Dependency Check so they can be reused elsewhere.
These are used to abstract Artifactory searching away from OWASP Dependency Check so they can be reused elsewhere.
Contains classes for working with the Go Lang project data.
Contains the core Dependency implementation.
Classes used to process the output of external tools.
Contains classes used to generate reports.
This package contains classes used to parse pom.xml files.
Contains classes used to suppress findings.
Uses of Dependency in org.owasp.dependencycheck
Methods in org.owasp.dependencycheck that return Dependency
Modifier and Type | Method | Description
| Engine.getDependencies() | Returns a copy of the dependencies as an array.
protected Dependency | | Scans a specified file.
protected Dependency | | Scans a specified file.

Methods in org.owasp.dependencycheck that return types with arguments of type Dependency
Modifier and Type | Method | Description
@Nullable List<Dependency> | | Scans a given file or directory.
| | Scans a given file or directory.
| | Scans an array of files or directories.
| | Scans an array of files or directories.
| | Scans a given file or directory.
| | Scans an array of files or directories.
| | Scans an array of files or directories.
| | Scans a given file or directory.
| Engine.scan(Collection<File> files) | Scans a collection of files or directories.
| Engine.scan(Collection<File> files, String projectReference) | Scans a collection of files or directories.
protected List<Dependency> | Engine.scanDirectory(@NonNull File dir, @Nullable String projectReference) | Recursively scans files and directories.
protected List<Dependency> | Engine.scanDirectory(File dir) | Recursively scans files and directories.

Methods in org.owasp.dependencycheck with parameters of type Dependency
Modifier and Type | Method | Description
void | Engine.addDependency(Dependency dependency) | Adds a dependency.
void | Engine.removeDependency(@NonNull Dependency dependency) | Removes the dependency.

Method parameters in org.owasp.dependencycheck with type arguments of type Dependency
Modifier and Type | Method | Description
void | Engine.setDependencies(@NonNull List<Dependency> dependencies) | Sets the dependencies.

Constructors in org.owasp.dependencycheck with parameters of type Dependency
Modifier | Constructor | Description
| AnalysisTask(Analyzer analyzer, Dependency dependency, Engine engine, List<Throwable> exceptions) | Creates a new analysis task.
Uses of Dependency in org.owasp.dependencycheck.agent
Methods in org.owasp.dependencycheck.agent that return types with arguments of type Dependency
Modifier and Type | Method | Description
| DependencyCheckScanAgent.getDependencies() | Returns a list of pre-determined dependencies.

Methods in org.owasp.dependencycheck.agent with parameters of type Dependency
Modifier and Type | Method | Description
static void | DependencyCheckScanAgent.showSummary(String projectName, Dependency[] dependencies) | Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.
static void | DependencyCheckScanAgent.showSummary(Dependency[] dependencies) | Generates a warning message listing a summary of dependencies and their associated CPE and CVE entries.

Method parameters in org.owasp.dependencycheck.agent with type arguments of type Dependency
Modifier and Type | Method | Description
void | DependencyCheckScanAgent.setDependencies(List<Dependency> dependencies) | Sets the list of dependencies to scan.
Uses of Dependency in org.owasp.dependencycheck.analyzer
Methods in org.owasp.dependencycheck.analyzer that return Dependency
Modifier and Type | Method | Description
protected Dependency | AbstractNpmAnalyzer.createDependency(Dependency dependency, String name, String version, String scope) | Constructs a dependency object.
protected Dependency | AbstractNpmAnalyzer.findDependency(Engine engine, String name, String version) | Locates the dependency in the list of dependencies that have been scanned by the engine.
protected Dependency | DependencyMergingAnalyzer.getMainAndroidDependency(Dependency dependency1, Dependency dependency2) | Determines which of the android dependencies should be considered the primary.
protected Dependency | DependencyMergingAnalyzer.getMainDotnetDependency(Dependency dependency1, Dependency dependency2) | Determines which of the dotnet dependencies should be considered the primary.
protected Dependency | DependencyMergingAnalyzer.getMainGemspecDependency(Dependency dependency1, Dependency dependency2) | Ruby gems installed by "bundle install" can have zero or more *.gemspec files, all of which have the same packagePath and should be grouped.
protected Dependency | DependencyMergingAnalyzer.getMainSwiftDependency(Dependency dependency1, Dependency dependency2) | Determines which of the swift dependencies should be considered the primary.
protected Dependency | DependencyMergingAnalyzer.getMainVirtualDependency(Dependency dependency1, Dependency dependency2) | Determines which of the virtual dependencies should be considered the primary.

Methods in org.owasp.dependencycheck.analyzer with parameters of type Dependency
Modifier and Type | Method | Description
static String | JarAnalyzer.addDescription(Dependency dependency, String description, String source, String key) | Adds a description to the given dependency.
protected static void | AssemblyAnalyzer.addMatchingValues(List<String> packages, String value, Dependency dep, EvidenceType type) | Cycles through the collection of class name information to see if parts of the package names are contained in the provided value.
protected static void | JarAnalyzer.addMatchingValues(List<JarAnalyzer.ClassNameInformation> classes, String value, Dependency dep, EvidenceType type) | Cycles through the collection of class name information to see if parts of the package names are contained in the provided value.
final void | AbstractAnalyzer.analyze(Dependency dependency, Engine engine) | Analyzes a given dependency.
void | Analyzer.analyze(Dependency dependency, Engine engine) | Analyzes the given dependency.
protected abstract void | AbstractAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes a given dependency.
protected void | AbstractDependencyComparingAnalyzer.analyzeDependency(Dependency ignore, Engine engine) | Analyzes a set of dependencies.
protected void | AbstractSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
void | ArchiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes a given dependency.
void | ArtifactoryAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis.
void | AssemblyAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis on a single Dependency.
protected void | AutoconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | CarthageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
void | CentralAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis.
protected void | CMakeAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes python packages and adds evidence to the dependency.
protected void | CocoaPodsAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | ComposerLockAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Entry point for the analyzer.
protected void | CPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.
protected void | CpeSuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | DartAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | ElixirMixAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Determines if the analyzer can analyze the given file type.
protected void | FalsePositiveAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes the dependencies and removes bad/incorrect CPE associations based on various heuristics.
protected void | FileNameAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Collects information about the file name.
protected void | GolangDepAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes go packages and adds evidence to the dependency.
protected void | GolangModAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes go packages and adds evidence to the dependency.
protected void | HintAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities.
void | JarAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Loads a specified JAR file and collects information from the manifest and checksums to identify the correct CPE information.
protected void | KnownExploitedVulnerabilityAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Adds information about the known exploited vulnerabilities to the analysis.
void | LibmanAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis.
protected void | MSBuildProjectAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
void | NexusAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis.
protected void | NodeAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | NodePackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | NpmCPEAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.
void | NugetconfAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis.
void | NuspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Performs the analysis.
protected void | NvdCveAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes a dependency and attempts to determine if there are any CPE identifiers for this dependency.
protected void | OpenSSLAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes python packages and adds evidence to the dependency.
protected void | OssIndexAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PEAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Collects information about the file name.
protected void | PerlCpanfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PinnedMavenInstallAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PipAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PipfileAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PipfilelockAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PnpmAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes the pnpm lock file to determine vulnerable dependencies.
protected void | PoetryAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes poetry packages and adds evidence to the dependency.
protected void | PythonDistributionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | PythonPackageAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes python packages and adds evidence to the dependency.
void | RetireJsAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes the specified JavaScript file.
protected void | RubyBundleAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Determines if the analyzer can analyze the given file type.
protected void | RubyBundlerAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | RubyGemspecAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | SwiftPackageManagerAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | SwiftPackageResolvedAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | UnusedSuppressionRuleAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | VersionFilterAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | The HintAnalyzer uses knowledge about a dependency to add additional information to help in identification of identifiers or vulnerabilities.
protected void | VulnerabilitySuppressionAnalyzer.analyzeDependency(Dependency dependency, Engine engine) |
protected void | YarnAuditAnalyzer.analyzeDependency(Dependency dependency, Engine engine) | Analyzes the yarn lock file to determine vulnerable dependencies.
protected void | JarAnalyzer.analyzePackageNames(List<JarAnalyzer.ClassNameInformation> classNames, Dependency dependency, boolean addPackagesAsEvidence) | Analyzes the path information of the classes contained within the JarAnalyzer to try and determine possible vendor or product names.
protected boolean | JarAnalyzer.analyzePOM(Dependency dependency, List<JarAnalyzer.ClassNameInformation> classes, Engine engine) | Attempts to find a pom.xml within the JAR file.
protected List<JarAnalyzer.ClassNameInformation> | JarAnalyzer.collectClassNames(Dependency dependency) | Cycles through an enumeration of JarEntries, contained within the dependency, and returns a list of the class names.
protected Dependency | AbstractNpmAnalyzer.createDependency(Dependency dependency, String name, String version, String scope) | Constructs a dependency object.
protected void | CPEAnalyzer.determineCPE(Dependency dependency) | Searches the data store of CPE entries, trying to identify the CPE for the given dependency based on the evidence contained within.
protected boolean | CPEAnalyzer.determineIdentifiers(Dependency dependency, String vendor, String product, Confidence currentConfidence) | Retrieves a list of CPE values from the CveDB based on the vendor and product passed in.
protected abstract boolean | AbstractDependencyComparingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, Set<Dependency> dependenciesToRemove) | Evaluates the dependencies.
protected boolean | DependencyBundlingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, Set<Dependency> dependenciesToRemove) | Evaluates the dependencies.
protected boolean | DependencyMergingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, Set<Dependency> dependenciesToRemove) | Evaluates the dependencies.
static void | JarAnalyzer.extractLicense(Model pom, Dependency dependency) | Extracts the license information from the pom and adds it to the dependency.
protected List<MavenArtifact> | CentralAnalyzer.fetchMavenArtifacts(Dependency dependency) | Downloads the corresponding list of MavenArtifacts of the given dependency from MavenCentral.
void | AbstractNpmAnalyzer.gatherEvidence(jakarta.json.JsonObject json, Dependency dependency) | Collects evidence from the given JSON for the associated dependency.
protected Dependency | DependencyMergingAnalyzer.getMainAndroidDependency(Dependency dependency1, Dependency dependency2) | Determines which of the android dependencies should be considered the primary.
protected Dependency | DependencyMergingAnalyzer.getMainDotnetDependency(Dependency dependency1, Dependency dependency2) | Determines which of the dotnet dependencies should be considered the primary.
protected Dependency | DependencyMergingAnalyzer.getMainGemspecDependency(Dependency dependency1, Dependency dependency2) | Ruby gems installed by "bundle install" can have zero or more *.gemspec files, all of which have the same packagePath and should be grouped.
protected Dependency | DependencyMergingAnalyzer.getMainSwiftDependency(Dependency dependency1, Dependency dependency2) | Determines which of the swift dependencies should be considered the primary.
protected Dependency | DependencyMergingAnalyzer.getMainVirtualDependency(Dependency dependency1, Dependency dependency2) | Determines which of the virtual dependencies should be considered the primary.
protected boolean | DependencyBundlingAnalyzer.isCore(Dependency left, Dependency right) | This is likely a very broken attempt at determining if the 'left' dependency is the 'core' library in comparison to the 'right' library.
protected boolean | DependencyMergingAnalyzer.isSameRubyGem(Dependency dependency1, Dependency dependency2) | Bundles Ruby gems that are identified from different .gemspec files but denote the same package path.
protected boolean | DependencyMergingAnalyzer.isSameSwiftPackage(Dependency dependency1, Dependency dependency2) | Bundles the same swift dependencies with the same packagePath that were identified by different file type analyzers.
protected boolean | DependencyBundlingAnalyzer.isShadedJar(Dependency dependency, Dependency nextDependency) | Determines if the jar is shaded and the created pom.xml identified the same CPE as the jar; if so, the pom.xml dependency should be removed.
protected boolean | DependencyBundlingAnalyzer.isWebJar(Dependency dependency, Dependency nextDependency) | Determines if a JS file is from a webjar dependency.
static void | DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, Set<Dependency> dependenciesToRemove) | Adds the relatedDependency to the dependency's related dependencies.
static void | DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, Set<Dependency> dependenciesToRemove, boolean copyVulnsAndIds) | Adds the relatedDependency to the dependency's related dependencies.
static void | DependencyMergingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, Set<Dependency> dependenciesToRemove) | Adds the relatedDependency to the dependency's related dependencies.
protected boolean | JarAnalyzer.parseManifest(Dependency dependency, List<JarAnalyzer.ClassNameInformation> classInformation) | Reads the manifest from the JAR file and collects the entries.
protected void | AbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, jakarta.json.JsonArray jsonArray, String depType) | Processes a part of package.json (as defined by JsonArray) and updates the specified dependency with relevant info.
protected void | AbstractNpmAnalyzer.processPackage(Engine engine, Dependency dependency, jakarta.json.JsonObject jsonObject, String depType) | Processes a part of package.json (as defined by JsonObject) and updates the specified dependency with relevant info.
protected void | AbstractNpmAnalyzer.processResults(List<Advisory> advisories, Engine engine, Dependency dependency, org.apache.commons.collections4.MultiValuedMap<String, String> dependencyMap) | Processes the advisories, creating the appropriate dependency objects and adding the resulting vulnerabilities.
protected void | FalsePositiveAnalyzer.removeBadMatches(Dependency dependency) | Removes bad CPE matches for a dependency.
protected void | AbstractNpmAnalyzer.replaceOrAddVulnerability(Dependency dependency, Vulnerability vuln) | Evaluates whether the vulnerability is already present; if it is, the vulnerability is not added.
static boolean | JarAnalyzer.setPomEvidence(Dependency dependency, Model pom, List<JarAnalyzer.ClassNameInformation> classes, boolean isMainPom) | Sets evidence from the pom on the supplied dependency.

Method parameters in org.owasp.dependencycheck.analyzer with type arguments of type Dependency
Modifier and Type | Method | Description
protected abstract boolean | AbstractDependencyComparingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, Set<Dependency> dependenciesToRemove) | Evaluates the dependencies.
protected boolean | DependencyBundlingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, Set<Dependency> dependenciesToRemove) | Evaluates the dependencies.
protected boolean | DependencyMergingAnalyzer.evaluateDependencies(Dependency dependency, Dependency nextDependency, Set<Dependency> dependenciesToRemove) | Evaluates the dependencies.
static void | DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, Set<Dependency> dependenciesToRemove) | Adds the relatedDependency to the dependency's related dependencies.
static void | DependencyBundlingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, Set<Dependency> dependenciesToRemove, boolean copyVulnsAndIds) | Adds the relatedDependency to the dependency's related dependencies.
static void | DependencyMergingAnalyzer.mergeDependencies(Dependency dependency, Dependency relatedDependency, Set<Dependency> dependenciesToRemove) | Adds the relatedDependency to the dependency's related dependencies.
Uses of Dependency in org.owasp.dependencycheck.data.artifactory
Methods in org.owasp.dependencycheck.data.artifactory with parameters of type Dependency
Modifier and Type | Method | Description
| ArtifactorySearch.search(Dependency dependency) | Searches the configured Central URL for the given hash (MD5, SHA1 and SHA256).
Uses of Dependency in org.owasp.dependencycheck.data.golang
Methods in org.owasp.dependencycheck.data.golang that return Dependency
Modifier and Type | Method | Description
| GoModDependency.toDependency(Dependency parentDependency) | Converts the GoModDependency into a Dependency object.

Methods in org.owasp.dependencycheck.data.golang with parameters of type Dependency
Modifier and Type | Method | Description
| GoModDependency.toDependency(Dependency parentDependency) | Converts the GoModDependency into a Dependency object.
Uses of Dependency in org.owasp.dependencycheck.dependency
Fields in org.owasp.dependencycheck.dependency with type parameters of type Dependency
Modifier and Type | Field | Description
static final Comparator<Dependency> | Dependency.NAME_COMPARATOR | Simple sorting by display file name and actual file path.

Methods in org.owasp.dependencycheck.dependency that return types with arguments of type Dependency
Modifier and Type | Method | Description
| Dependency.getRelatedDependencies() | Gets the unmodifiable set of Dependency.relatedDependencies.

Methods in org.owasp.dependencycheck.dependency with parameters of type Dependency
Modifier and Type | Method | Description
void | Dependency.addRelatedDependency(Dependency dependency) | Adds a related dependency.
void | Dependency.removeRelatedDependencies(Dependency dependency) | Removes a related dependency.
Uses of Dependency in org.owasp.dependencycheck.processing
Constructors in org.owasp.dependencycheck.processing with parameters of type Dependency
Modifier | Constructor | Description
| BundlerAuditProcessor(Dependency gemDependency, Engine engine) | Constructs a new processor to consume the output of `bundler-audit`.
| GoModProcessor(Dependency goDependency, Engine engine) | Constructs a new processor to consume the output of `go list -m -json all`.
| MixAuditProcessor(Dependency mixDependency, Engine engine) | Constructs a new processor to consume the output of `mix_audit`.
Uses of Dependency in org.owasp.dependencycheck.reporting
Method parameters in org.owasp.dependencycheck.reporting with type arguments of type Dependency
Modifier and Type | Method | Description
| ReportTool.convertToSarifRules(List<Dependency> dependencies) | Creates a list of SARIF rules for the SARIF report.

Constructor parameters in org.owasp.dependencycheck.reporting with type arguments of type Dependency
Modifier | Constructor | Description
| ReportGenerator(String applicationName, String groupID, String artifactID, String version, List<Dependency> dependencies, List<Analyzer> analyzers, DatabaseProperties properties, Settings settings) | Deprecated.
| ReportGenerator(String applicationName, String groupID, String artifactID, String version, List<Dependency> dependencies, List<Analyzer> analyzers, DatabaseProperties properties, Settings settings, ExceptionCollection exceptions) | Constructs a new ReportGenerator.
| ReportGenerator(String applicationName, List<Dependency> dependencies, List<Analyzer> analyzers, DatabaseProperties properties, Settings settings) |
| ReportGenerator(String applicationName, List<Dependency> dependencies, List<Analyzer> analyzers, DatabaseProperties properties, Settings settings, ExceptionCollection exceptions) | Constructs a new ReportGenerator.
Uses of Dependency in org.owasp.dependencycheck.xml.pom
Methods in org.owasp.dependencycheck.xml.pom with parameters of type Dependency
Modifier and Type | Method | Description
static void | PomUtils.analyzePOM(Dependency dependency, File pomFile) | Reads in the pom file and adds elements as evidence to the given dependency.
Uses of Dependency in org.owasp.dependencycheck.xml.suppression
Methods in org.owasp.dependencycheck.xml.suppression with parameters of type Dependency
Modifier and Type | Method | Description
void | SuppressionRule.process(Dependency dependency) | Processes a given dependency to determine if any CPE, CVE, CWE, or CVSS scores should be suppressed.