Open Yesh-AJ-006 opened 12 months ago
http://jeremylong.github.io/DependencyCheck/analyzers/index.html
lists all the filetypes that are supported for scanning.
Does that mean not supported? what's the future plan in case need support?
DependencyCheck does not scan code, but dependencies. I don't know what tools you use to go from code to application, but it's the toolsuite configuration files and some types of binaries that are getting scanned by the various analyzers (and in addition, where available, the toolsuite plugins (e.g. maven, gradle, ant) contribute the dependency-information available from the plugin's runtime-accessible dependency information).
New toolsets can be contributed by the community (and have been in the past)
Is C++/MFC code scan supported, if yes, can you share some of the documents? We have Jenkins and Bamboo, we use both plugin and CLI OWASP dependency checker