Dependency-Check Core

Dependency-check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

Homepage POM file JAR file Javadoc

'org.owasp:dependency-check-core:1.0.4'

<dependency>
	<groupId>org.owasp</groupId>
	<artifactId>dependency-check-core</artifactId>
	<version>1.0.4</version>
</dependency>

<dependency org="org.owasp" name="dependency-check-core" rev="1.0.4"/>

"org.owasp", "dependency-check-core", "1.0.4"

Dependencies

Compile dependencies

com.google.code.findbugs » annotations » 2.0.1 (optional)
com.h2database » h2 » 1.3.172
commons-cli » commons-cli » 1.2
commons-io » commons-io » 2.4
commons-lang » commons-lang » 2.5
org.apache.commons » commons-compress » 1.5
org.apache.lucene » lucene-analyzers-common » 4.3.1
org.apache.lucene » lucene-core » 4.3.1
org.apache.lucene » lucene-queryparser » 4.3.1
org.apache.velocity » velocity » 1.7
org.apache.velocity » velocity-tools » 2.0
org.jsoup » jsoup » 1.7.2

Provided dependencies

com.hazelcast » hazelcast » 2.5 (optional)
net.sf.ehcache » ehcache-core » 2.2.0 (optional)
org.apache.axis2 » axis2-adb » 1.4.1 (optional)
org.apache.axis2 » axis2-spring » 1.4.1 (optional)
org.apache.geronimo.daytrader » daytrader-ear » 2.1.7 (optional)
org.apache.maven.scm » maven-scm-provider-cvsexe » 1.8.1 (optional)
org.apache.struts » struts2-core » 2.1.2 (optional)
org.dojotoolkit » dojo-war » 1.3.0 (optional)
org.glassfish.main.admingui » war » 4.0 (optional)
org.mortbay.jetty » jetty » 6.1.0 (optional)
org.springframework » spring-webmvc » 2.5.5 (optional)

Test dependencies

junit » junit » 4.11
org.apache.lucene » lucene-test-framework » 4.3.1