
Jenkins plugin for OWASP Dependency-Check. This can be used to monitor the Java libraries used in an application and report if there are any known vulnerabilities (e.g. CVEs).

xuyun1976/dependency-check-plugin

Dependency-Check Jenkins Plugin

Dependency-Check is a utility that identifies project dependencies and checks whether they have any known, publicly disclosed vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plugin can independently execute a Dependency-Check analysis and visualize the results.

Dependency-Check is able to identify Java and Python components, Node.js and Ruby Gem packages, and .NET assemblies. Once identified, Dependency-Check will automatically determine whether those components have known, publicly disclosed vulnerabilities.

The Dependency-Check Jenkins Plugin can perform a dependency analysis during a build and lets you view the results after the build. The plugin is built using analysis-core and offers many of the same features as the Jenkins static analysis plugins, including thresholds, charts, and the ability to view vulnerability information for any dependency in which a vulnerability has been identified.

More information can be found on the wiki.

Mailing List

Subscribe: dependency-check+subscribe@googlegroups.com

Post: dependency-check@googlegroups.com

Copyright & License

Dependency-Check is Copyright (c) 2012-2015 Jeremy Long. All Rights Reserved.

Dependency-Check Jenkins Plugin is Copyright (c) 2013-2015 Steve Springett. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE.txt file for the full license.

Dependency-Check makes use of several other open source libraries. Please see the NOTICE.txt file for more information.


Languages

  • Java 95.2%
  • HTML 4.8%