MavenDependencyCheck
An automation script to run OWASP Dependency-Check on multiple Maven Based projects.
This script clones the given repositories and builds them with Maven. Once a build succeeds, it runs Dependency-Check on that project and generates the reports.
Requirements
- Python modules: os & shutil
- Maven: Installation instructions can be found here
repo.conf: a file containing the git commands to be run for cloning the projects
Example commands for repo.conf
git clone https://github.com/elderstudios/uni-dvwa-spring.git
Usage
python depcheck.py
And let the script do the magic
Tested and working fine on CentOS Linux release 7.6.1810 (Core) with Python 2.7.5.
Dependency: Unix/Linux environment
Note: Dependency-Check might need internet access to update the NVD database, for which a proxy might be needed if you are in a restricted environment. To configure this script to use a proxy, use this sample code to configure your proxy settings, then uncomment line 57 and comment out line 56. Refer: Dependency check Command Line Arguments
For running the mvn command through a proxy, refer to this article.
Supported report formats
- XML
- HTML
- CSV
- JSON
- JUNIT
- SARIF
Note: By default the script generates reports in all the formats; an individual report format can be set using the `-f` or `--format` argument on line 56.
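The pipeline the README describes (read repo.conf, clone, build with Maven, run Dependency-Check with the chosen report formats and optional proxy), written out as an added example. This is not the repository's depcheck.py; it assumes Python 3 and that `dependency-check.sh` and `mvn` are on PATH, and the `dc-report` output directory is a choice made here.

```python
# Added example, not the repo's depcheck.py. Assumes Python 3 and that
# `dependency-check.sh` and `mvn` are on PATH (the script's own paths may differ).
import os
import shlex
import subprocess

SUPPORTED_FORMATS = ("XML", "HTML", "CSV", "JSON", "JUNIT", "SARIF")

def parse_repo_conf(text):
    """Return the git commands in repo.conf, skipping blank lines and # comments."""
    cmds = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            cmds.append(line)
    return cmds

def repo_dir_from_clone(cmd):
    """Directory `git clone` creates: explicit target if given, else the last
    URL component without a trailing .git (flag values like --depth 1 are not parsed)."""
    args = shlex.split(cmd)
    if args[:2] != ["git", "clone"]:
        raise ValueError("not a git clone command: %s" % cmd)
    positional = [a for a in args[2:] if not a.startswith("-")]
    target = positional[1] if len(positional) > 1 else positional[0].rstrip("/").rsplit("/", 1)[-1]
    return target[:-4] if target.endswith(".git") else target

def dependency_check_cmd(project_dir, formats=None, proxy=None):
    """argv for dependency-check; formats=None means ALL (the script's default).
    proxy is an optional (host, port) tuple, mapped to --proxyserver/--proxyport."""
    cmd = ["dependency-check.sh", "--project", os.path.basename(project_dir),
           "--scan", project_dir, "--out", os.path.join(project_dir, "dc-report")]
    for fmt in (formats or ["ALL"]):
        if fmt != "ALL" and fmt not in SUPPORTED_FORMATS:
            raise ValueError("unsupported report format: %s" % fmt)
        cmd += ["--format", fmt]
    if proxy:
        cmd += ["--proxyserver", proxy[0], "--proxyport", str(proxy[1])]
    return cmd

def run_all(conf_path="repo.conf", formats=None, proxy=None):
    for clone in parse_repo_conf(open(conf_path).read()):
        subprocess.check_call(shlex.split(clone))
        project = repo_dir_from_clone(clone)
        # Build first so the resolved dependencies (target/) exist to be scanned.
        subprocess.check_call(["mvn", "-q", "package", "-DskipTests"], cwd=project)
        subprocess.check_call(dependency_check_cmd(project, formats, proxy))
```

Call `run_all("repo.conf", ["HTML", "JSON"], ("proxy.example", 3128))` to scan every project in repo.conf through a proxy; omit the last two arguments for the script's defaults (all formats, no proxy).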
Authors
Credits
- OWASP Dependency Check by Jeremy Long
- Shrutirupa Banerjiee & Aishwarya Iyer for reviewing