tomasbjerre / violations-lib

Java library for parsing report files from static code analysis.
Apache License 2.0

Dependency Check plugin parser/support #172

Closed spyhunter99 closed 1 year ago

spyhunter99 commented 1 year ago

The dependency check plugin(s) check your dependencies for known published security vulnerabilities via the Common Vulnerabilities and Exposures website.

It's available for Maven, Gradle, and many other build systems. https://jeremylong.github.io/DependencyCheck/

For Maven users, the following should generate an XML file in the target folder: mvn org.owasp:dependency-check-maven:7.4.1:check -Dformat=XML

The XML output is rather large to paste here, but if needed I can run it against some open-source repos.

tomasbjerre commented 1 year ago

Actually, it is supported with the SARIF format. And Jeremy Long has contributed to that parser in this library: https://github.com/tomasbjerre/violations-lib/commits?author=jeremylong

I am updating the documentation about this.

Open the issue again if there are any other issues!
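To tie the two comments together: have Dependency-Check write its report as SARIF rather than XML, then feed it to this library's SARIF parser and gate on the result. This is an added example, not code from the issue, the project README or Dependency-Check; it assumes violations-lib's fluent ViolationsApi with Parser.SARIF and the SEVERITY enum, and that the plugin was run with -Dformat=SARIF so the report lands under target/ as dependency-check-report.sarif.

```java
import static se.bjurr.violations.lib.ViolationsApi.violationsApi;
import static se.bjurr.violations.lib.reports.Parser.SARIF;

import java.util.Set;
import se.bjurr.violations.lib.model.SEVERITY;
import se.bjurr.violations.lib.model.Violation;

/**
 * Added example (not part of the issue or the project). Parses the SARIF
 * report produced by
 *   mvn org.owasp:dependency-check-maven:7.4.1:check -Dformat=SARIF
 * (assumed default file name: target/dependency-check-report.sarif) with
 * violations-lib and fails the step when any finding is at ERROR severity.
 */
public class DependencyCheckSarifGate {

  /** Collect every finding from Dependency-Check SARIF reports under rootFolder. */
  public static Set<Violation> parseReports(String rootFolder) {
    return violationsApi()
        .withPattern(".*/dependency-check-report\\.sarif$") // assumed report file name
        .inFolder(rootFolder)
        .findAll(SARIF)
        .violations();
  }

  /** True when the SARIF parser mapped at least one result to ERROR (SARIF level "error"). */
  public static boolean hasBlockingFindings(Set<Violation> violations) {
    return violations.stream().anyMatch(v -> v.getSeverity() == SEVERITY.ERROR);
  }

  public static void main(String[] args) {
    String root = args.length > 0 ? args[0] : "target";
    Set<Violation> violations = parseReports(root);
    for (Violation v : violations) {
      // rule carries the SARIF ruleId (the vulnerability identifier in Dependency-Check's output),
      // file the affected dependency as reported in the SARIF artifact location.
      System.out.printf("%-5s %-18s %s (%s)%n",
          v.getSeverity(), v.getRule(), v.getMessage(), v.getFile());
    }
    if (hasBlockingFindings(violations)) {
      System.err.println("Dependency-Check reported ERROR-level vulnerabilities; failing the step.");
      System.exit(1);
    }
  }
}
```

Run it after the Maven goal above has written the report; the same parseReports call works for Gradle output if the pattern is pointed at that build's report directory.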