
jenkinsci / dependency-check-plugin

License: Apache-2.0
Jenkins plugin for OWASP Dependency-Check. Inspects project components for known vulnerabilities (e.g. CVEs).

Programming Languages

Java: 68154 projects - #9 most used programming language
CSS: 56736 projects
JavaScript: 184084 projects - #8 most used programming language
HTML: 75241 projects
Shell: 77523 projects

Projects that are alternatives of or similar to dependency-check-plugin

Sbt Dependency Check
SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈
Stars: ✭ 187 (+74.77%)
Mutual labels:  owasp, vulnerabilities, appsec
zap-sonar-plugin
Integrates OWASP Zed Attack Proxy reports into SonarQube
Stars: ✭ 66 (-38.32%)
Mutual labels:  owasp, appsec, software-security
Dependency Track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Stars: ✭ 718 (+571.03%)
Mutual labels:  owasp, vulnerabilities, appsec
Dependency Check Sonar Plugin
Integrates Dependency-Check reports into SonarQube
Stars: ✭ 332 (+210.28%)
Mutual labels:  owasp, vulnerabilities, appsec
Awesome Nodejs Security
Awesome Node.js Security resources
Stars: ✭ 1,294 (+1109.35%)
Mutual labels:  owasp, vulnerabilities
www-project-vulnerable-web-applications-directory
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
Stars: ✭ 10 (-90.65%)
Mutual labels:  owasp, appsec
Securityrat
OWASP SecurityRAT (version 1.x) - Tool for handling security requirements in development
Stars: ✭ 115 (+7.48%)
Mutual labels:  owasp, appsec
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (-66.36%)
Mutual labels:  appsec, software-security
Owasp Vwad
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Stars: ✭ 487 (+355.14%)
Mutual labels:  owasp, appsec
Zap Hud
The OWASP ZAP Heads Up Display (HUD)
Stars: ✭ 201 (+87.85%)
Mutual labels:  owasp, appsec
www-project-code-review-guide
OWASP Code Review Guide Web Repository
Stars: ✭ 74 (-30.84%)
Mutual labels:  owasp, appsec
Hacker ezines
A collection of electronic hacker magazines carefully curated over the years from multiple sources
Stars: ✭ 72 (-32.71%)
Mutual labels:  owasp, vulnerabilities
Zaproxy
The OWASP ZAP core project
Stars: ✭ 9,078 (+8384.11%)
Mutual labels:  owasp, appsec
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 7,533 (+6940.19%)
Mutual labels:  owasp, appsec
www-project-zap
OWASP Zed Attack Proxy project landing page.
Stars: ✭ 52 (-51.4%)
Mutual labels:  owasp, appsec
cwe-tool
A command line CWE discovery tool based on OWASP / CAPSEC database of Common Weakness Enumeration.
Stars: ✭ 40 (-62.62%)
Mutual labels:  owasp, vulnerabilities
nodejssecurity
Documentation for Essential Node.js Security
Stars: ✭ 64 (-40.19%)
Mutual labels:  owasp, appsec
Juice Shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Stars: ✭ 6,270 (+5759.81%)
Mutual labels:  owasp, appsec
Zap Extensions
OWASP ZAP Add-ons
Stars: ✭ 486 (+354.21%)
Mutual labels:  owasp, appsec
tutorials
Additional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (-66.36%)
Mutual labels:  owasp, appsec


Dependency-Check Jenkins Plugin

Dependency-Check is a utility that identifies project dependencies and checks whether they have any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2017: A9 - Using Components with Known Vulnerabilities. This plugin can independently execute a Dependency-Check analysis and visualize the results.

Usage

The plugin has three main components: a globally defined tool configuration, a builder, and a publisher.

Global Tool Configuration

One or more Dependency-Check versions can be installed via the Jenkins Global Tool Configuration. The installation of Dependency-Check can be performed automatically, which will download and extract the official Command-Line Interface (CLI) from Bintray, or an official distribution can be installed manually and the path to the installation referenced in the configuration.

(Screenshot: global tool configuration)

Builder

The builder performs an analysis using one of the pre-defined Dependency-Check CLI installations. Configuration specific to Jenkins is minimal; the most important part of the job configuration is the 'Arguments' field, whose contents are passed directly to the selected CLI installation.

(Screenshot: builder configuration)

Publisher

The publisher works independently of the tool configuration and the builder. It is responsible for reading dependency-check-report.xml and generating metrics, trends, and findings, and can optionally fail the build or put it into a warning state based on configurable severity thresholds.

(Screenshot: publisher configuration)

When a job has the publisher configured, a trending chart displays the total number of findings grouped by severity.

(Screenshot: publisher trend)

The chart is interactive. Hovering over a build displays high-level severity information.

(Screenshot: publisher trend hover)

Per-build results may be viewed. Findings are displayed in an interactive table which can be sorted, searched, and paginated. Each finding can be expanded to reveal additional details.

(Screenshot: publisher results)
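To make the publisher's behaviour concrete, here is an added example (not code from the plugin or from Dependency-Check) that does the two things described above outside Jenkins: it counts the findings in a dependency-check-report.xml per severity and turns fail/unstable thresholds into a build verdict. The report XML is a constructed sample with placeholder CVE ids, and the layout it assumes (a <severity> child under each <vulnerability>) follows the 2.x report schema; the threshold rule is this example's own and is not claimed to match the plugin's exact semantics.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of dependency-check-report.xml (not a real scan; CVE ids are placeholders).
# Assumed layout: each <vulnerability> carries a <severity> child, as in the 2.x report schema.
SAMPLE_REPORT = """<?xml version="1.0"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.x.xsd">
  <dependencies>
    <dependency>
      <fileName>example-lib-1.0.jar</fileName>
      <vulnerabilities>
        <vulnerability source="NVD"><name>CVE-0000-0001</name><severity>HIGH</severity></vulnerability>
        <vulnerability source="NVD"><name>CVE-0000-0002</name><severity>medium</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>other-lib-2.3.jar</fileName>
      <vulnerabilities>
        <vulnerability source="NVD"><name>CVE-0000-0003</name><severity>CRITICAL</severity></vulnerability>
      </vulnerabilities>
    </dependency>
  </dependencies>
</analysis>
"""


def _local(tag: str) -> str:
    """Strip the XML namespace so the parser works whether or not the report declares one."""
    return tag.rsplit("}", 1)[-1]


def count_by_severity(report_xml: str) -> Counter:
    """Return a Counter of findings per severity: the figures the trend chart is built from."""
    counts: Counter = Counter()
    for element in ET.fromstring(report_xml).iter():
        if _local(element.tag) != "vulnerability":
            continue
        severity = next((c.text or "" for c in element if _local(c.tag) == "severity"), "")
        counts[severity.strip().upper() or "UNKNOWN"] += 1  # normalise "medium" -> "MEDIUM"
    return counts


def build_verdict(counts, fail_limits: dict, unstable_limits: dict) -> str:
    """Assumed rule for this example: a limit is the largest count tolerated for a severity;
    exceeding a fail limit gives FAILURE (checked first), exceeding an unstable limit gives
    UNSTABLE, otherwise SUCCESS. Severities absent from a limits dict are not constrained."""
    if any(counts.get(sev, 0) > limit for sev, limit in fail_limits.items()):
        return "FAILURE"
    if any(counts.get(sev, 0) > limit for sev, limit in unstable_limits.items()):
        return "UNSTABLE"
    return "SUCCESS"
```

Run `build_verdict(count_by_severity(SAMPLE_REPORT), {"CRITICAL": 0}, {"HIGH": 0})` to see the sample report fail on its single critical finding before the unstable rule is even consulted.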

Mailing List

Subscribe: [[email protected]] subscribe

Post: [[email protected]] post

Copyright & License

Dependency-Check is Copyright (c) Jeremy Long. All Rights Reserved.

Dependency-Check Jenkins Plugin is Copyright (c) Steve Springett. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE.txt] license file for the full license.
