Dependency-check
dependency-check.github.io › DependencyCheck › dependency-check-cli › index.html
About – dependency-check-cli
OWASP dependency-check-cli is a command-line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies.
OWASP
owasp.org › www-project-dependency-check
OWASP Dependency-Check | OWASP Foundation
Dependency-Check has a command line interface, a Maven plugin, a Gradle plugin, an Ant task and a number of integrations with build tooling such as Jenkins, GitHub Actions and Azure DevOps. The core engine contains a series of analyzers that inspect the project dependencies and collect pieces of information about the dependencies (referred to as evidence within the tool).
Videos
01:00:25
OWASP Dependency Check Project - Jeremy Long - YouTube
14:40
OWASP Dependency Check - YouTube
02:28
OWASP Dependency Check: Part 1 - How to Install - YouTube
02:11
OWASP Dependency Check: Part 2 - How to Scan Your Project - YouTube
34:45
OWASP Ottawa July 2018: OWASP Dependency Check with Vandana Verma ...
GitHub
github.com › dependency-check › DependencyCheck
GitHub - dependency-check/DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. · GitHub
In the following example it is assumed that the source to be checked is in the current working directory and the reports will be written to $(pwd)/odc-reports. Persistent data and cache directories are used, allowing you to destroy the container after running. ...
#!/bin/sh
DC_VERSION="latest"
DC_DIRECTORY=$HOME/OWASP-Dependency-Check
DC_PROJECT="dependency-check scan: $(pwd)"
DATA_DIRECTORY="$DC_DIRECTORY/data"
CACHE_DIRECTORY="$DC_DIRECTORY/data/cache"
if [ !
Starred by 7.5K users
Forked by 1.4K users
Languages Java 96.7% | PLSQL 0.8% | Groovy 0.7% | PLpgSQL 0.6% | TSQL 0.6% | Shell 0.4%
Jeremylong
jeremylong.github.io › DependencyCheck › dependency-check-cli › index.html
About – dependency-check-cli - GitHub Pages
OWASP dependency-check-cli is a command-line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies.
Owasp
devguide.owasp.org › en › 05-implementation › 02-dependencies › 01-dependency-check
Dependency-Check - OWASP Developer Guide
Dependency-Check also provides plugins to check for vulnerable components for CI/CD pipelines. The OWASP Spotlight series provides an example of the risks involved in using out of date and vulnerable libraries, and how to use Dependency-Check: 'Project 2 - OWASP Dependency Check'.
Jenkins
plugins.jenkins.io › dependency-check-jenkins-plugin
OWASP Dependency-Check | Jenkins plugin
2 weeks ago - The installation of Dependency-Check can be performed automatically, which will download and extract the official Command-Line Interface (CLI) from GitHub, or an official distribution can be installed manually and the path to the installation ...
Google
sites.google.com › a › ncsu.edu › csc515-software-security › project-part-1-owasp-top-10 › owasp-dependency-check
CSC515 Software Security - OWASP Dependency-Check
- Download the command line dependency checker from the following URL: https://owasp.org/www-project-dependency-check/
- Extract the zip file to a location on your computer.
- Put the ‘bin’ directory of the dependency checker into the PATH environment variable of your system.
Wso2
security.docs.wso2.com › en › latest › security-guidelines › secure-engineering-guidelines › external-dependency-analysis-analysis-using-owasp-dependency-check
External Dependency Analysis Analysis using OWASP Dependency Check
This document provides details of all necessary steps for using OWASP Dependency Check Command Line Client (CLI) tool and the Maven plugin for analyzing 3rd party dependencies used in projects for identifying known security vulnerabilities.
Maven Repository
mvnrepository.com › artifact › org.owasp › dependency-check-cli
Maven Repository: org.owasp » dependency-check-cli
1 week ago - dependency-check-cli is a command-line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies.
Jeremylong
jeremylong.github.io › DependencyCheck › dependency-check-cli › arguments.html
Command Line Arguments – dependency-check-cli
Command Line Arguments | Last Published: 2025-02-16 | Version: 12.1.0
Maven Central
central.sonatype.com › artifact › org.owasp › dependency-check-cli
dependency-check-cli - org.owasp - Maven Central - Sonatype
dependency-check-cli is a command-line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies. The tool will generate a report listing the dependency, any identified Common Platform Enumeration (CPE) identifiers, and ...
Securityinternal
securityinternal.com › 2016 › 10 › owasp-dependency-check-cli-analyzing.html
SECURITY INTERNAL . COM: OWASP Dependency Check CLI - Analyzing Vulnerabilities in 3rd Party Libraries
In the bin directory of the dependency-check tool, you can find the executable script. dependency-check.bat file is for running the tool on Windows and the dependency-check.sh file is for running on Linux. If you just execute the script without providing any parameters, you can see the list of parameters that you need to provide for performing the vulnerability analysis and generating reports. Following are the basic parameters that are required when running a vulnerability analysis. Now let’s do an analysis using OWASP Dependency Check.
npm
npmjs.com › package › owasp-dependency-check
owasp-dependency-check - npm
January 5, 2026 - A Node.js wrapper for the OWASP dependency-check-cli. Latest version: 1.0.1, last published: 3 months ago. Start using owasp-dependency-check in your project by running `npm i owasp-dependency-check`. There is 1 other project in the npm registry using owasp-dependency-check.
» npm install owasp-dependency-check
Published Jan 05, 2026
Version 1.0.1
Dependency-check
dependency-check.github.io › DependencyCheck › dependency-check-cli › arguments.html
Command Line Arguments – dependency-check-cli
Command Line Arguments | Last Published: 2026-04-11 | Version: 12.2.1
PyPI
pypi.org › project › dependency-check
dependency-check · PyPI
To install from PyPI, add dependency-check to your dev-requirements.txt or a similar file. For more installation options, see the “Installation” section below. Using environment variables, you can change the version and download location of the release archive, and the directory for the local installation. To update to a new version of the OWASP software, delete ~/.local/dependency-check/bin/, set DEPENDENCY_CHECK_VERSION to the new version number, and call dependency-check.
» pip install dependency-check
GitHub
github.com › jeremylong › DependencyCheck
GitHub - jeremylong/DependencyCheck: The dependency-check repository has moved: · GitHub
September 27, 2025 - The OWASP dependency-check repository has moved to https://github.com/dependency-check/DependencyCheck.
Starred by 48 users
Forked by 27 users
Languages Java 65.6% | JavaScript 21.7% | CMake 8.3% | M4 1.3% | PLSQL 0.6% | Groovy 0.5%
GitHub
github.com › jeremylong › DependencyCheck › blob › main › cli › src › main › java › org › owasp › dependencycheck › CliParser.java
DependencyCheck/cli/src/main/java/org/owasp/dependencycheck/CliParser.java at main · jeremylong/DependencyCheck
February 17, 2025 -
package org.owasp.dependencycheck;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.FileNotFoundException;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.owasp.dependencycheck.reporting.ReportGenerator.Format;
import org.owasp.dependencycheck.utils.InvalidSettingException;
import org.owasp.dependencycheck.utils.Settings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Author jeremylong