Skip to content

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

License

Notifications You must be signed in to change notification settings

jankroken/dependency-check-plugin

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Build Status Codacy Badge

Dependency-Check Jenkins Plugin

Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize results.

Dependency-Check is able to identify Java and Python components, Node.js and Ruby Gem packages, and .NET assemblies. Once identified, Dependency-Check will automatically determine if those component have known, publicly disclosed, vulnerabilities.

The Dependency-Check Jenkins Plugin features the ability to perform a dependency analysis build and later view results post build. The plugin is built using analysis-core and features many of the same features that Jenkins static analysis plugins offer, including thresholds, charts and the ability to view vulnerability information should a dependency have one identified.

More information can be found on the wiki.

Mailing List

Subscribe: [[email protected]] subscribe

Post: [[email protected]] post

Copyright & License

Dependency-Check is Copyright (c) 2012-2018 Jeremy Long. All Rights Reserved.

Dependency-Check Jenkins Plugin is Copyright (c) 2013-2018 Steve Springett. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt] license file for the full license.

Dependency-Check makes use of several other open source libraries. Please see the [NOTICE.txt] notices file for more information.

About

Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Java 93.7%
  • HTML 6.2%
  • Shell 0.1%