ejohn20
commented
4 years ago Short story - Dependency check does not send your code anywhere. All analysis happens locally.
The main project is here: https://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html.
This is simply a wrapper that automates it on an Azure DevOps build agent.
Hi, Is there documentation on how the scanning works on a high level? E.g. is the code send over to a server somewhere on the internet? Would like to better understand as the company I work for is considering using this extension. But before that happens, we need a better understanding of how it works.