Shim to easily install OWASP dependency-check-cli into Python projects
Project description
dependency-check scans application dependencies and checks whether they contain any published vulnerabilities (based on the NIST NVD). It runs in the JVM, so you need a Java runtime available in your PATH. The script should work on Linux, Mac OS X and Windows, but right now it is only tested on Linux.
Usage
After installation, you'll have the dependency-check command available. On first use it automatically downloads and installs the OWASP release archive, once for all projects, and from then on forwards every call to that installation, so the downloaded NVD data is shared among projects. Please see the DependencyCheck site for more configuration and usage details.
To install from PyPI, add dependency-check to your dev-requirements.txt or a similar file. For more installation options, see the next section.
To just get the dependency-check CLI tool installed into your home directory, independent of any project, you can use the pip script installer.
Customization
Using environment variables, you can change the version and download location of the release archive, and the directory for the local installation.
Variable | Default
---|---
DEPENDENCY_CHECK_VERSION | 1.3.1
DEPENDENCY_CHECK_URL | https://bintray.com/artifact/download/jeremy-long/owasp/dependency-check-{version}-release.zip
DEPENDENCY_CHECK_HOME | ~/.local/dependency-check
To update to a new version of the OWASP software, delete ~/.local/dependency-check/bin/, set DEPENDENCY_CHECK_VERSION to the new version number, and call dependency-check.
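The customization table and the update procedure above describe a small state machine: defaults, environment overrides, a `{version}` placeholder in the URL, a one-time install into `DEPENDENCY_CHECK_HOME`, and a re-install whenever `bin/` is missing. The script below re-creates that behaviour in a throwaway directory so it can be followed end to end without a network. It is an added example, not the dependency-check shim's own code; the archive layout (one top-level directory wrapping `bin/`) is assumed, and the SHA256 comparison and the containment check on extracted paths are additions that this page does not attribute to the shim.

```python
"""Added example: re-creates the shim's settings and install-once behaviour.

Not the dependency-check shim's own code. Assumes the release zip wraps everything
in one top-level directory; the digest and path-containment checks are additions.
"""
import hashlib
import io
import os
import shutil
import tempfile
import zipfile
from pathlib import Path

# Defaults exactly as listed in the customization table.
DEFAULTS = {
    "DEPENDENCY_CHECK_VERSION": "1.3.1",
    "DEPENDENCY_CHECK_URL": (
        "https://bintray.com/artifact/download/jeremy-long/owasp/"
        "dependency-check-{version}-release.zip"
    ),
    "DEPENDENCY_CHECK_HOME": "~/.local/dependency-check",
}


def resolve_config(env):
    """Environment overrides win over DEFAULTS; {version} is filled into the URL."""
    cfg = {key: env.get(key, default) for key, default in DEFAULTS.items()}
    version = cfg["DEPENDENCY_CHECK_VERSION"]
    return {
        "version": version,
        "url": cfg["DEPENDENCY_CHECK_URL"].format(version=version),
        "home": Path(os.path.expanduser(cfg["DEPENDENCY_CHECK_HOME"])),
    }


def needs_install(home):
    """Installed once per HOME; removing HOME/bin/ is the documented way to force a fresh download."""
    return not (Path(home) / "bin").is_dir()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def install_archive(archive_bytes, home, expected_sha256=None):
    """Unpack the release zip into HOME, dropping the archive's top-level directory.

    A digest mismatch, or any entry that would resolve outside HOME, aborts
    before a single file is written (both checks are illustrative additions).
    """
    if expected_sha256 is not None and sha256_hex(archive_bytes) != expected_sha256.lower():
        raise ValueError("release archive digest mismatch; refusing to install")
    home = Path(home).resolve()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        plan = []
        for member in zf.namelist():
            parts = Path(member).parts[1:]  # strip the wrapper directory (assumed layout)
            if not parts or member.endswith("/"):
                continue  # the wrapper itself or a bare directory entry
            target = home.joinpath(*parts).resolve()
            if home not in target.parents:
                raise ValueError("archive entry escapes the install directory: " + member)
            plan.append((member, target))
        for member, target in plan:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(member))


def make_archive(entries):
    """Constructed stand-in for a release zip: {name: content} -> zip bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def run_demo():
    """Install, reuse, refuse a tampered and an escaping archive, re-install after bin/ is removed."""
    archive = make_archive({
        "dependency-check/bin/dependency-check.sh": "#!/bin/sh\necho stub\n",
        "dependency-check/README.txt": "sample release\n",
    })
    digest = sha256_hex(archive)
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        env = {  # overrides chosen for the example; HOME points into the temp dir
            "DEPENDENCY_CHECK_VERSION": "1.3.2",
            "DEPENDENCY_CHECK_HOME": os.path.join(tmp, "dependency-check"),
        }
        cfg = resolve_config(env)
        results["url"] = cfg["url"]
        results["fresh_home_needs_install"] = needs_install(cfg["home"])
        install_archive(archive, cfg["home"], expected_sha256=digest)
        results["installed_home_needs_install"] = needs_install(cfg["home"])
        results["launcher_present"] = (cfg["home"] / "bin" / "dependency-check.sh").is_file()
        for label, bad, expected in (
            ("tampered_rejected", archive + b"\x00", digest),
            ("escaping_entry_rejected", make_archive({"dependency-check/../escaped.sh": "x"}), None),
        ):
            try:
                install_archive(bad, cfg["home"], expected_sha256=expected)
                results[label] = False
            except ValueError:
                results[label] = True
        shutil.rmtree(cfg["home"] / "bin")  # the update procedure described above
        results["after_bin_removed_needs_install"] = needs_install(cfg["home"])
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

The real shim fetches the archive from the resolved URL; this walk-through substitutes a constructed zip so it runs offline. The escaping-entry case exists because the archive is downloaded from a remote host and unpacked under the user's home, so the extractor should never trust entry names.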
Installation
dependency-check can be installed via pip install dependency-check as usual; see releases for an overview of available versions. To get a bleeding-edge version from source, use these commands:

```bash
repo="jhermann/dependency-check-py"
pip install -r "https://raw.githubusercontent.com/$repo/master/requirements.txt"
pip install -UI -e "git+https://github.com/$repo.git#egg=dependency-check"
```
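The file-hash tables at the bottom of this page can pin the shim itself, so that a future re-upload or a tampered index would be refused rather than installed. The requirements fragment below is an added example, not part of the project. Listing a `--hash` option for a requirement switches pip into hash-checking mode, in which an artifact whose SHA256 does not match is rejected; both the wheel and the source-archive digests from this page are given so that either file satisfies the install:

```text
dependency-check==0.1.0 \
    --hash=sha256:c30e0b664084024b26374e6db39d5f5285a92069f5a44165c79f27609dc6770f \
    --hash=sha256:a50f45b646a93277c6b0372cd9a9252bac93849ee57ce4fe79bda3adfb73fb8f
```

One caveat: in hash-checking mode every package pip resolves must carry a hash, so the shim's own dependencies from its requirements.txt have to be pinned with digests too before `pip install --require-hashes -r` succeeds. Pinning the shim does not cover the OWASP release archive it downloads at first use; that download is governed by the customization variables above.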
As a developer, to create a working directory for this project, call these commands:
```bash
git clone "https://github.com/jhermann/dependency-check-py.git"
cd "dependency-check-py"
. .env --yes --develop
invoke build check
```
You might also need to follow some setup procedures to make the necessary basic commands available on Linux, Mac OS X, and Windows.
Download files
Source Distribution
Built Distributions
File details
Details for the file dependency-check-0.1.0.zip.
File metadata
- Download URL: dependency-check-0.1.0.zip
- Upload date:
- Size: 19.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | a50f45b646a93277c6b0372cd9a9252bac93849ee57ce4fe79bda3adfb73fb8f
MD5 | 62d061daa662ad52e49e5fb584c7ce7d
BLAKE2b-256 | e8048f2aa48ace66989150ce12f07ada07ac8119f8d9458b00e8086b9b17ce4f
File details
Details for the file dependency_check-0.1.0-py2.py3-none-any.whl.
File metadata
- Download URL: dependency_check-0.1.0-py2.py3-none-any.whl
- Upload date:
- Size: 7.5 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | c30e0b664084024b26374e6db39d5f5285a92069f5a44165c79f27609dc6770f
MD5 | 8897b12f10ce1d361011f8049373e58d
BLAKE2b-256 | 6c3d7313b09c3ae81e03bffebf6ad431e9cfa264eea3045e698e73dae013165d
File details
Details for the file dependency_check-0.1.0-py2.7.egg.
File metadata
- Download URL: dependency_check-0.1.0-py2.7.egg
- Upload date:
- Size: 6.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest
---|---
SHA256 | 15ed9cad3323397404b040211ebf932741bc8e0b08af51852879615b8441a07d
MD5 | e758f6c646f2d24372b08bee874e8f22
BLAKE2b-256 | 74891eea162ed894cefe649fb43268af51c58d749fa5ee54b86ae8637beefb00