Project author: andresriancho

Project description:
Vulnerability dependency check for Maven projects
Language: Python
Project URL: git://github.com/andresriancho/dirty-dependency-check.git
Created: 2018-08-29T14:34:06Z
Project community: https://github.com/andresriancho/dirty-dependency-check

License: GNU General Public License v3.0



Dirty dependency check

This tool parses a pom.xml file, extracts all dependencies declared in it, and checks
them against NIST's National Vulnerability Database (NVD).

OWASP Dependency Check requires you to be able to build the Maven project;
dirty dependency check works even when some dependencies cannot be resolved
(e.g. they live in a private repository), because nothing is built or downloaded.
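The parse-then-lookup idea described above, as an added example that is not dirty-dependency-check's own code: it reads a pom.xml, substitutes `${property}` versions and fills versions from `dependencyManagement`, then matches the coordinates against a feed in the NVD JSON 1.0 layout (the `nvdcve-1.0-*.json.gz` files the mirror step stores under `data/`). The pom, the feed, the `example`/`widget-*` coordinates and the `CVE-TEST-*` identifiers are all constructed placeholders; the Maven-to-CPE mapping (artifactId as product, a groupId segment as vendor) is a heuristic of this example, not the project's. Like a single-file parse it does not follow parent poms or resolve transitive dependencies, which is exactly the trade-off for not needing a build.

```python
"""Added example, not part of dirty-dependency-check: parse a pom.xml, resolve
dependency coordinates, and look them up in an NVD JSON 1.0 feed, all offline
on constructed sample data. Parent poms are not followed and transitive
dependencies are not resolved: a deliberately single-file, 'dirty' parse."""
import gzip
import io
import json
import re
import xml.etree.ElementTree as ET

NS = "{http://maven.apache.org/POM/4.0.0}"
GENERIC = {"com", "org", "net", "io"}   # groupId segments that are never a CPE vendor

# Constructed pom: a property-driven version, a dependencyManagement-only
# version, and one dependency with no feed entry at all.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties><widget.version>2.3.31</widget.version></properties>
  <dependencyManagement><dependencies><dependency>
    <groupId>com.example.widgets</groupId><artifactId>widget-util</artifactId><version>3.2.1</version>
  </dependency></dependencies></dependencyManagement>
  <dependencies>
    <dependency><groupId>com.example.widgets</groupId><artifactId>widget-core</artifactId>
      <version>${widget.version}</version></dependency>
    <dependency><groupId>com.example.widgets</groupId><artifactId>widget-util</artifactId></dependency>
    <dependency><groupId>com.google.guava</groupId><artifactId>guava</artifactId><version>27.0-jre</version></dependency>
  </dependencies>
</project>"""

# Constructed feed with placeholder IDs (not real CVEs), in the NVD JSON 1.0 shape.
SAMPLE_FEED = {"CVE_data_type": "CVE", "CVE_Items": [
    {"cve": {"CVE_data_meta": {"ID": "CVE-TEST-0001"}}, "configurations": {"nodes": [{"operator": "OR",
     "cpe_match": [{"vulnerable": True, "cpe23Uri": "cpe:2.3:a:example:widget-core:*:*:*:*:*:*:*:*",
                    "versionEndExcluding": "2.4.0"}]}]}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-TEST-0002"}}, "configurations": {"nodes": [{"operator": "OR",
     "cpe_match": [{"vulnerable": True, "cpe23Uri": "cpe:2.3:a:example:widget-util:3.2.1:*:*:*:*:*:*:*"}]}]}},
    {"cve": {"CVE_data_meta": {"ID": "CVE-TEST-0003"}}, "configurations": {"nodes": [{"operator": "OR",
     "cpe_match": [{"vulnerable": True, "cpe23Uri": "cpe:2.3:a:example:widget-core:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "2.5.0", "versionEndExcluding": "2.5.3"}]}]}},
]}


def vtuple(version):
    """Comparison key from the numeric parts: '2.3.31' -> (2, 3, 31), '27.0-jre' -> (27, 0)."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def parse_pom(pom_xml):
    """Return [(groupId, artifactId, version)], substituting ${property}
    placeholders and filling missing versions from dependencyManagement."""
    root = ET.fromstring(pom_xml)
    props = {p.tag[len(NS):]: (p.text or "").strip() for p in root.findall(NS + "properties/*")}
    props.setdefault("project.version", root.findtext(NS + "version", ""))

    def coords(dep):
        g, a, v = (dep.findtext(NS + t) for t in ("groupId", "artifactId", "version"))
        if v is not None:
            v = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), v)
        return g, a, v

    managed = {(g, a): v for g, a, v in map(coords, root.findall(
        NS + "dependencyManagement/" + NS + "dependencies/" + NS + "dependency"))}
    deps = []
    for g, a, v in map(coords, root.findall(NS + "dependencies/" + NS + "dependency")):
        deps.append((g, a, v if v is not None else managed.get((g, a))))
    return deps


def cpe_matches(match, group_id, artifact_id, version):
    """Heuristic Maven->CPE mapping: product must equal the artifactId and the
    vendor must be a (non-generic) segment of the groupId; then apply the
    exact CPE version or the versionStart*/versionEnd* range fields."""
    vendor, product, cpe_version = match["cpe23Uri"].split(":")[3:6]
    if version is None or product != artifact_id or vendor not in set(group_id.split(".")) - GENERIC:
        return False
    v = vtuple(version)
    if cpe_version not in ("*", "-") and vtuple(cpe_version) != v:
        return False
    lo_inc, lo_exc = match.get("versionStartIncluding"), match.get("versionStartExcluding")
    hi_inc, hi_exc = match.get("versionEndIncluding"), match.get("versionEndExcluding")
    return not ((lo_inc and v < vtuple(lo_inc)) or (lo_exc and v <= vtuple(lo_exc)) or
                (hi_inc and v > vtuple(hi_inc)) or (hi_exc and v >= vtuple(hi_exc)))


def check_dependencies(deps, feed_gz):
    """Walk a gzip-compressed feed and return {CVE id: [matching dependency, ...]}.
    Only top-level OR nodes are examined; nested AND 'children' nodes (platform
    conditions) are ignored, which errs on the side of reporting."""
    with gzip.open(io.BytesIO(feed_gz), "rt", encoding="utf-8") as fh:
        feed = json.load(fh)
    findings = {}
    for item in feed["CVE_Items"]:
        cve_id = item["cve"]["CVE_data_meta"]["ID"]
        for node in item.get("configurations", {}).get("nodes", []):
            for m in node.get("cpe_match", []):
                if m.get("vulnerable", True):
                    for dep in deps:
                        if cpe_matches(m, *dep) and dep not in findings.get(cve_id, []):
                            findings.setdefault(cve_id, []).append(dep)
    return findings


def run_example():
    """Compress the constructed feed the way data/*.json.gz is stored, then scan."""
    deps = parse_pom(SAMPLE_POM)
    return deps, check_dependencies(deps, gzip.compress(json.dumps(SAMPLE_FEED).encode("utf-8")))


if __name__ == "__main__":
    for cve, hits in sorted(run_example()[1].items()):
        print(cve, hits)
```

The version-range check is where most false results come from in any CPE-based scanner: NVD records either an exact version in the `cpe23Uri` or a `versionStart*`/`versionEnd*` range, and a `-jre`/`-SNAPSHOT` suffix has to be stripped before comparing, which is what `vtuple` does. OWASP Dependency Check's evidence-based matching is considerably smarter than the artifactId/groupId heuristic here, which is one reason the tool above calls itself "dirty".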

Disclaimer

This tool is not a replacement for OWASP Dependency Check,
just a hack to make my life easier during Java application security assessments.

Dependencies

  • Maven (apt-get install maven)

Run

  1. python dependency-check.py --pom=~/current-project/src/pom.xml --output=vulnerabilities.json

Updating the NIST DB

  1. git clone https://github.com/stevespringett/nist-data-mirror.git
  2. cd nist-data-mirror
  3. mvn clean package
  4. cd target
  5. rm -rf mirror/*
  6. mkdir -p mirror
  7. java -jar nist-data-mirror.jar mirror json
  8. cp mirror/*.json.gz ../../dirty-dependency-check/data/
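The eight steps above as one script, plus the check a practitioner wants before step 8 copies anything into `data/`: an added example, not part of dirty-dependency-check or nist-data-mirror. It assumes nist-data-mirror is cloned into the current directory, that `mvn package` leaves `target/nist-data-mirror.jar` as the steps above do, and that the feeds are gzip-compressed NVD JSON files; a truncated download produces a file that looks fine on `ls` but is not a valid gzip stream, so `verify_feeds` refuses to install it.

```sh
#!/bin/sh
# Added example, not part of dirty-dependency-check or nist-data-mirror:
# "Updating the NIST DB" as a script, with a sanity check before the copy.
# Usage: mirror_feeds mirror && install_feeds mirror ../dirty-dependency-check/data
set -e

# Steps 1-7: build nist-data-mirror and mirror the JSON feeds into $1.
mirror_feeds() {
    mirror_dir="$1"
    if [ ! -d nist-data-mirror ]; then
        git clone https://github.com/stevespringett/nist-data-mirror.git
    fi
    (cd nist-data-mirror && mvn clean package)
    rm -rf "$mirror_dir"
    mkdir -p "$mirror_dir"
    java -jar nist-data-mirror/target/nist-data-mirror.jar "$mirror_dir" json
}

# Check every *.json.gz in $1: the gzip stream must be intact (partial
# downloads are the usual failure) and the payload must be an NVD feed.
verify_feeds() {
    dir="$1"
    count=0
    for f in "$dir"/*.json.gz; do
        [ -e "$f" ] || { echo "no *.json.gz files in $dir" >&2; return 1; }
        gzip -t "$f" 2>/dev/null || { echo "corrupt gzip: $f" >&2; return 1; }
        gzip -dc "$f" | grep -q '"CVE_Items"' || { echo "not an NVD feed: $f" >&2; return 1; }
        count=$((count + 1))
    done
    echo "$count feed file(s) OK in $dir"
}

# Step 8, guarded: copy into the tool's data directory only if every feed passes.
install_feeds() {
    verify_feeds "$1" && cp "$1"/*.json.gz "$2"/
}
```

Running `verify_feeds` again on `data/` itself is a cheap way to confirm the copy, and a useful first question when the checker starts failing after an update.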