
Software composition analysis (SCA) is an automated process that identifies open-source software in a codebase and evaluates its security, license compliance, and code quality. Dependency-Check is an SCA tool that scans a project's dependencies and generates reports on known vulnerable components used in the source. The FlexDeploy OWASPDependencyCheckPlugin provides a simple and effective way to automate dependency code analysis with just a few configuration steps. It can be used as a step in your Build workflow, or you can create a utility to execute it frequently. You can also add a quality gate in your pipeline to enforce standards.

Supported Version

  • Version 8.1.0

Key Features

  • Integrates scan results into FlexDeploy.

  • Provides a browsable link to the full PMD analysis after running the operation.

  • Provides full support for Java and .NET, and experimental analyzers for PHP, JS, Python, Node.js, and Ruby.

  • Easily configurable suppression file

  • Supports Continuous Integration

  • Review scan results in FlexDeploy with links to rules and how to fix them. Use counts (Critical, High, etc.) in automated gates to reject builds to ensure the quality of your build artifacts and source code.
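
The severity-count gate from the last feature, as an added example (not FlexDeploy's or the plugin's own code): it counts findings per severity in a Dependency-Check JSON report and fails the build when a threshold is exceeded. The sample report is constructed, the thresholds and function names are hypothetical, and the field names (`dependencies`, `vulnerabilities`, `severity`) are assumed to match the JSON report your scan produces.

```python
import json
from collections import Counter

# Constructed sample in the shape of a Dependency-Check JSON report
# (top-level "dependencies", each with an optional "vulnerabilities" list).
# File names and vulnerability IDs are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-web-1.0.jar", "vulnerabilities": [
            {"name": "CVE-XXXX-0001", "severity": "CRITICAL"},
            {"name": "CVE-XXXX-0002", "severity": "High"},   # mixed case occurs
        ]},
        {"fileName": "example-util-2.3.jar", "vulnerabilities": [
            {"name": "CVE-XXXX-0002", "severity": "HIGH"},   # same ID, second file
            {"name": "CVE-XXXX-0003", "severity": "medium"},
        ]},
        {"fileName": "example-clean-4.0.jar"},                # no findings key
        {"fileName": "example-old-0.9.jar", "vulnerabilities": [
            {"name": "CVE-XXXX-0004"},                        # severity missing
        ]},
    ]
})

# Hypothetical gate thresholds: maximum findings tolerated per severity.
MAX_ALLOWED = {"CRITICAL": 0, "HIGH": 1}

def severity_counts(report_text):
    """Count (file, vulnerability) findings per normalised severity."""
    counts = Counter()
    seen = set()
    for dep in json.loads(report_text).get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            key = (dep.get("fileName"), vuln.get("name"))
            if key in seen:          # ignore duplicate rows for one file
                continue
            seen.add(key)
            counts[(vuln.get("severity") or "UNKNOWN").upper()] += 1
    return counts

def gate(counts, max_allowed=MAX_ALLOWED):
    """Return (passed, reasons). Findings without a severity fail closed."""
    reasons = [f"{sev}: {counts[sev]} > {limit}"
               for sev, limit in max_allowed.items() if counts[sev] > limit]
    if counts["UNKNOWN"]:
        reasons.append(f"UNKNOWN: {counts['UNKNOWN']} finding(s) without severity")
    return (not reasons, reasons)

if __name__ == "__main__":
    passed, reasons = gate(severity_counts(SAMPLE_REPORT))
    print("PASS" if passed else "FAIL", reasons)
    raise SystemExit(0 if passed else 1)
```

Findings removed by a suppression file should not count toward the gate, so run it against the report produced after suppressions are applied.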

Experimental Analyzers

Plugin Operations

  • runDependencyCheck

 
