Questions tagged [owasp-dependency-check]

OWASP Dependency-Check is a tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It can be run as a command line application, or using popular build systems such as Maven, Gradle or Brew.

Home page: https://owasp.org/www-project-dependency-check/

Documentation: https://jeremylong.github.io/DependencyCheck/

19 questions
0 votes, 1 answer

SonarQube Dependency-check plugin

Using the latest community edition of SonarQube sonarqube-10.0.0.68432.zip I installed the Dependency-check plugin from the marketplace. After running dependency-check on the files in my repo and producing the relevant JSON and HTML files (I checked…
eramm
0 votes, 0 answers

Remove OWASP from pom file and use it in command line

I have a requirement to run OWASP Dependency check in dev infra alone, not on UAT and PROD. Our M2 repo is hosted in an airgap infra. Currently we have an OWASP plugin configured as part of the pom file which works fine, but I need to remove it from the pom file…
Julie
0 votes, 0 answers

Suppress vulnerability detection for single dependency

I use the OWASP Dependency Check Maven plug-in to scan my project dependencies for reported vulnerabilities. I have developed three projects that I scan, let's call them App1, App2 and an internal library IntLib. Both App1 and App2 have a dependency…
Lii
0 votes, 1 answer

OWASP Dependency check: Adding modelVersion version to dependency check report

I'm using the Maven Plugin of the OWASP Dependency Check in a multimodule project. Currently, the XML report provided by the dependency check only contains the below information, which doesn't include the "Component" version for which we are doing…
Prakhash