Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Hi, I am trying to analyze a massive number of Maven projects using the Eclipse Steady plugin. I need both the dependency list and the CVE list. But steady:report only provides CVE lists and their related dependencies. If I want to get the full BOM, I have to go to the webpage, which is a nightmare for batch operation.
I am wondering whether there are any configurations that I missed that can help me get the full BOM list.
If not, is there any possibility you can provide a feature to generate an aggregate dependency list report locally? Preferably in JSON format. :smile:
Solved. Actually, I can get the list through the internal API.
get deps: {backend_url}/apps/{group}/{artifact}/{version}/deps
get vulns: {backend_url}/apps/{group}/{artifact}/{version}/vulndeps
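A batch version of the two calls above, as an added example that is not part of the original thread or of the Steady project. It assumes both endpoints return JSON and that applications are listed as `group:artifact:version`; the function names and output keys are hypothetical, and any headers your backend requires can be supplied by passing your own `fetch`.

```python
import json
import sys
import urllib.request
from urllib.parse import quote

# Output key -> endpoint suffix, as given in the comment above.
ENDPOINTS = {"dependencies": "deps", "vulnerable_dependencies": "vulndeps"}

def app_url(backend_url, gav, endpoint):
    """Build {backend_url}/apps/{group}/{artifact}/{version}/{endpoint}."""
    parts = gav.split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected group:artifact:version, got {gav!r}")
    # Percent-encode every segment so a coordinate cannot alter the URL path.
    group, artifact, version = (quote(p, safe="") for p in parts)
    return f"{backend_url.rstrip('/')}/apps/{group}/{artifact}/{version}/{endpoint}"

def http_get_json(url, timeout=30):
    """GET a URL and parse the body as JSON (assumed response format)."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def collect(backend_url, gavs, fetch=http_get_json):
    """Return {gav: {dependencies, vulnerable_dependencies[, errors]}}."""
    report = {}
    for gav in gavs:
        entry = {}
        for key, endpoint in ENDPOINTS.items():
            url = app_url(backend_url, gav, endpoint)
            try:
                entry[key] = fetch(url)
            except Exception as exc:
                # One failed application must not abort the whole batch.
                entry[key] = None
                entry.setdefault("errors", {})[key] = f"{url}: {exc}"
        report[gav] = entry
    return report

if __name__ == "__main__":
    # Usage: python steady_bom.py <backend_url> < gavs.txt > report.json
    gavs = [line.strip() for line in sys.stdin if line.strip()]
    json.dump(collect(sys.argv[1], gavs), sys.stdout, indent=2)
```

Applications whose request fails keep a `null` entry plus an `errors` field, so gaps in the aggregate report are visible instead of silently missing.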