Software composition analysis (SCA) is an automated process that identifies open-source software in a codebase. This analysis evaluates security, license compliance, and code quality. Dependency-Check is an SCA tool that lets a user run scans on the dependencies used in their source and generates reports of known vulnerable components. The FlexDeploy OWASPDependencyCheckPlugin provides a simple and effective way to automate dependency code analysis with just a few configuration steps. It can be used as a step in your Build workflow, or you can create a utility to execute it frequently. You can also add a quality gate in your pipeline to enforce standards.

Supported Version

Key Features

Plugin Operations