Dependency-Check Command Line can be used to check project dependencies for published security vulnerabilities. The checks performed are a "best effort" and as such, there could be false positives as well as false negatives. However, vulnerabilities in 3rd party components is a well-known problem and is currently documented in the 2013 OWASP Top 10 as A9 - Using Components with Known Vulnerabilities.
Documentation and links to production binary releases can be found on the github pages.
Subscribe: [email protected]
Post: [email protected]
Dependency-Check is Copyright (c) 2012-2014 Jeremy Long. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE.txt file for the full license.
Dependency-Check Command Line makes use of other open source libraries. Please see the NOTICE.txt file for more information.