Software composition analysis (SCA) is an automated process that identifies open-source software in a codebase. This analysis evaluates security, license compliance, and code quality. Dependency-Check is an SCA tool that lets a user run scans on dependencies and generates reports of the known vulnerable components used in our source. The FlexDeploy OWASPDependencyCheckPlugin provides a simple and effective way to automate dependency code analysis with just a few configurations/steps. It can then be used as a step in your build workflow, or you can create a utility to execute it frequently. You can also add a quality gate in your pipeline to enforce standards.
Supported Version
Version 8.1.0
Key Features
Integrates scan results into FlexDeploy.
Provides a browsable link to the full PMD analysis after running the operation.
Provides full support for Java and .NET, and experimental analyzers for PHP, JS, Python, Node.js, and Ruby.
Easily configurable suppression file.
Supports continuous integration.
Review scan results in FlexDeploy with links to rules and how to fix them. Use counts (Critical, High, etc) in automated gates to reject builds to ensure the quality of your build artifacts and source code.
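The severity-count gate described in the last feature, as an added example (not FlexDeploy's or the plugin's own code): a standalone Python sketch that counts unsuppressed findings per severity in a Dependency-Check JSON report and fails when a limit is exceeded. The sample report, the placeholder IDs, the `moderate` alias and the function names are assumptions made for this example.

```python
import json
from collections import Counter

# Constructed sample in the shape of a Dependency-Check JSON report
# (dependencies[].vulnerabilities[].severity); file names and IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "lib-a-1.0.jar", "vulnerabilities": [
            {"name": "CVE-PLACEHOLDER-1", "severity": "CRITICAL"},
            {"name": "CVE-PLACEHOLDER-2", "severity": "high"}]},
        {"fileName": "lib-b-2.3.jar"},  # clean dependency: key absent entirely
        {"fileName": "pkg-c@4.1.0", "vulnerabilities": [
            {"name": "ADVISORY-PLACEHOLDER-3", "severity": "moderate"},
            {"name": "ADVISORY-PLACEHOLDER-4"}],  # no severity recorded
         "suppressedVulnerabilities": [  # matched by the suppression file
            {"name": "CVE-PLACEHOLDER-5", "severity": "HIGH"}]},
    ]
})

# Assumption: some analyzers label findings "moderate"; count them as MEDIUM.
ALIASES = {"MODERATE": "MEDIUM"}
KNOWN = {"CRITICAL", "HIGH", "MEDIUM", "LOW"}

def severity_counts(report_text):
    """Count unsuppressed findings per severity across all dependencies."""
    counts = Counter()
    for dep in json.loads(report_text).get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            sev = str(vuln.get("severity") or "").strip().upper()
            sev = ALIASES.get(sev, sev)
            counts[sev if sev in KNOWN else "UNKNOWN"] += 1
    return counts

def evaluate_gate(counts, limits):
    """Return (passed, reasons); limits maps severity -> max allowed count.
    Findings without a usable severity fail closed unless UNKNOWN is given a limit."""
    limits = {"UNKNOWN": 0, **limits}
    reasons = [f"{sev}: {counts.get(sev, 0)} found, {limit} allowed"
               for sev, limit in sorted(limits.items())
               if counts.get(sev, 0) > limit]
    return (not reasons, reasons)

if __name__ == "__main__":
    counts = severity_counts(SAMPLE_REPORT)
    passed, reasons = evaluate_gate(counts, {"CRITICAL": 0, "HIGH": 0})
    print(dict(counts), "PASS" if passed else "FAIL", reasons)
    raise SystemExit(0 if passed else 1)  # non-zero exit rejects the build
```

Suppressed findings are deliberately left out of the counts, so every entry in the suppression file directly loosens the gate and should be reviewed like any other change.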
Experimental Analyzers
Plugin Operations
runDependencyCheck