Dependency Check plugin parser/support
spyhunter99 opened this issue
The dependency check plugin(s) check your dependencies for known published security vulnerabilities via the Common Vulnerabilities and Exposures website.
It's available for Maven, Gradle and many other build systems.
https://jeremylong.github.io/DependencyCheck/
For Maven users, the following should generate an XML file in the target folder:
mvn org.owasp:dependency-check-maven:7.4.1:check -Dformat=XML
The XML output is rather large to paste here, but if needed I can run it against some open source repos.
Actually, it is supported with the SARIF format. And Jeremy Long has contributed to that parser in this library:
https://github.com/tomasbjerre/violations-lib/commits?author=jeremylong
I am updating the documentation about this.
Open the issue again if there are any other issues!
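
As an added illustration that is not part of the thread or of violations-lib: a minimal Python reader for SARIF 2.1.0, the format the reply says is supported, flattening results into findings and applying a severity gate. The embedded report, its tool name and the CVE-0000-* ids are constructed placeholders, and `parse_sarif` and `exceeds` are hypothetical helper names.

```python
import json

# Constructed sample: a minimal SARIF 2.1.0 log shaped like a dependency scan
# report. Tool name, paths and the CVE-0000-* ids are placeholders.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "dependency-check", "rules": [
        {"id": "CVE-0000-0001",
         "shortDescription": {"text": "Placeholder high-severity issue"}},
        {"id": "CVE-0000-0002",
         "shortDescription": {"text": "Placeholder low-severity issue"}},
    ]}},
    "results": [
        {"ruleId": "CVE-0000-0001", "level": "error",
         "message": {"text": "example-lib-1.0.jar is affected"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "lib/example-lib-1.0.jar"}}}]},
        # No "level" and no locations: both are optional in SARIF.
        {"ruleId": "CVE-0000-0002", "ruleIndex": 1,
         "message": {"text": "other-lib-2.3.jar is affected"}, "locations": []},
    ],
}]})

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

def parse_sarif(text):
    """Flatten every run's results into dicts a reporting tool can consume."""
    findings = []
    for run in json.loads(text).get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = driver.get("rules", [])
        by_id = {r.get("id"): r for r in rules}
        for res in run.get("results", []):
            idx = res.get("ruleIndex", -1)  # -1 means "not set" in SARIF
            rule = rules[idx] if 0 <= idx < len(rules) else by_id.get(res.get("ruleId"), {})
            locs = res.get("locations") or [{}]
            uri = locs[0].get("physicalLocation", {}).get("artifactLocation", {}).get("uri")
            # Missing level falls back to the rule's default, then "warning".
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            findings.append({
                "tool": driver.get("name"), "rule": res.get("ruleId") or rule.get("id"),
                "level": level, "file": uri,
                "summary": rule.get("shortDescription", {}).get("text", ""),
                "message": res.get("message", {}).get("text", ""),
            })
    return findings

def exceeds(findings, threshold="error"):
    """True when any finding is at or above the threshold level (CI gate)."""
    return any(LEVEL_RANK.get(f["level"], 2) >= LEVEL_RANK[threshold] for f in findings)
```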