dependency-check-cli

pkg:maven/org.owasp/dependency-check-cli@12.1.8

Used in: 0 components

Overview
Overview

Versions
Versions

Dependents
Dependents

Dependencies
Dependencies

Overview

Description

dependency-check-cli is an command line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies. The tool will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.

Snippets

<dependency>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-cli</artifactId>
    <version>12.1.8</version>
</dependency>

Maven POM File

<!--
This file is part of Dependency-Check.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copyright (c) 2012 - Jeremy Long. All Rights Reserved.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-parent</artifactId>
        <version>12.1.8</version>
    </parent>

    <artifactId>dependency-check-cli</artifactId>
    <packaging>jar</packaging>

    <name>Dependency-Check Command Line</name>
    <description>dependency-check-cli is an command line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies. The tool will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and the associated Common Vulnerability and Exposure (CVE) entries.</description>
    <scm>
        <connection>scm:git:https://github.com/dependency-check/DependencyCheck.git</connection>
        <url>https://github.com/dependency-check/DependencyCheck/tree/main/cli</url>
        <developerConnection>scm:git:git@github.com/dependency-check/DependencyCheck.git</developerConnection>
        <tag>v12.1.8</tag>
    </scm>
    <build>
        <finalName>dependency-check-${project.version}</finalName>
        <resources>
            <resource>
                <directory>src/main/resources</directory>
                <includes>
                    <include>logback.xml</include>
                </includes>
            </resource>
            <resource>
                <directory>src/main/resources</directory>
                <includes>
                    <include>completion-for-dependency-check.sh</include>
                </includes>
		<targetPath>../release/bin</targetPath>
            </resource>
            <resource>
                <directory>${basedir}</directory>
                <targetPath>META-INF</targetPath>
                <includes>
                    <include>LICENSE.txt</include>
                    <include>NOTICE.txt</include>
                </includes>
            </resource>
        </resources>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jar-plugin</artifactId>
                <configuration>
                    <archive>
                        <manifest>
                            <mainClass>org.owasp.dependencycheck.App</mainClass>
                        </manifest>
                    </archive>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>appassembler-maven-plugin</artifactId>
                <configuration>
                    <programs>
                        <program>
                            <mainClass>org.owasp.dependencycheck.App</mainClass>
                            <id>dependency-check</id>
                        </program>
                    </programs>
                    <assembleDirectory>${project.build.directory}/release</assembleDirectory>
                    <licenseHeaderFile>${basedir}/src/main/assembly/license.txt</licenseHeaderFile>
                    <binFileExtensions>
                        <unix>.sh</unix>
                    </binFileExtensions>
                    <repositoryLayout>flat</repositoryLayout>
                    <repositoryName>lib</repositoryName>
                    <useWildcardClassPath>true</useWildcardClassPath>
                    <configurationDirectory>plugins/*</configurationDirectory>
                    <includeConfigurationDirectoryInClasspath>true</includeConfigurationDirectoryInClasspath>
                    <unixScriptTemplate>${project.basedir}/src/main/conf/unixBinTemplate</unixScriptTemplate>
                    <!--
                       enable-native-access=ALL-UNNAMED
                            Java 21+: Needed by Lucene indexes unless we do -Dorg.apache.lucene.store.MMapDirectory.enableMemorySegments=false
                                      to go back to regular ByteBuffer (non-native) usage.
                       -XX:+IgnoreUnrecognizedVMOptions
                            Java <21: Allow use of enable-native-access on Java 11 JVMs without errors -->
                    <extraJvmArguments>--enable-native-access=ALL-UNNAMED -XX:+IgnoreUnrecognizedVMOptions</extraJvmArguments>
                </configuration>
                <executions>
                    <execution>
                        <id>assemble</id>
                        <phase>package</phase>
                        <goals>
                            <goal>assemble</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-antrun-plugin</artifactId>
                <executions>
                    <execution>
                        <id>fix-windows-shell-script</id>
                        <phase>package</phase>
                        <goals>
                            <goal>run</goal>
                        </goals>
                        <configuration>
                            <!-- Hack/workaround for https://github.com/mojohaus/appassembler/issues/114 -->
                            <target>
                                <replace file="${project.build.directory}/release/bin/dependency-check.bat" token="%JAVACMD% %JAVA_OPTS%" value="&quot;%JAVACMD%&quot; %JAVA_OPTS%" failOnNoReplacements="true" />
                            </target>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-assembly-plugin</artifactId>
                <configuration>
                    <attach>true</attach>
                </configuration>
                <executions>
                    <execution>
                        <id>create-distribution</id>
                        <phase>package</phase>
                        <goals>
                            <goal>single</goal>
                        </goals>
                        <configuration>
                            <descriptors>
                                <descriptor>src/main/assembly/release.xml</descriptor>
                            </descriptors>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>
    <dependencies>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-core</artifactId>
        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
        </dependency>
        <dependency>
            <groupId>commons-cli</groupId>
            <artifactId>commons-cli</artifactId>
        </dependency>
        <dependency>
            <groupId>org.owasp</groupId>
            <artifactId>dependency-check-core</artifactId>
            <version>${project.parent.version}</version>
        </dependency>
        <dependency>
            <groupId>org.owasp</groupId>
            <artifactId>dependency-check-utils</artifactId>
            <version>${project.parent.version}</version>
        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
        </dependency>
        <dependency>
            <groupId>io.github.jeremylong</groupId>
            <artifactId>jcs3-slf4j</artifactId>
        </dependency>
        <dependency>
            <!-- not visible in imports due to method chaining, but App code uses classes from this library -->
            <groupId>io.github.jeremylong</groupId>
            <artifactId>open-vulnerability-clients</artifactId>
        </dependency>
        <dependency>
            <groupId>org.apache.ant</groupId>
            <artifactId>ant</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.ant</groupId>
                    <artifactId>ant-launcher</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>com.sun</groupId>
                    <artifactId>tools</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>
</project>

Metadata

Age:16 days ago

Licenses:

The Apache Software License, Version 2.0

Organization

org.owasp

External Resources

Project URL

Issue Tracker URL

Source Control

Continuous Integration

Known Contributors

Hugo CostaJeremy LongWill StranathanSteve SpringettDale Visser

OSS Index

View