Dependency management is the part of package management that makes sure the libraries a project depends on (jars, DLLs and so on) do not conflict with each other and cause compatibility problems. It also lets you catch vulnerabilities early: by checking which libraries and which versions the project actually pulls in, you can match them against publicly known vulnerabilities (CVEs) before the code ships.
In this article I use a Gradle project as the example and list the commands needed to check its dependencies with OWASP Dependency-Check.
- Install the Gradle plugin in the project.
In build.gradle, add the lines below and refresh the Gradle project.

```groovy
buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        // '6.0.3+' is a Gradle dynamic version (any 6.0.3* release);
        // pin an exact version if you need reproducible builds.
        classpath 'org.owasp:dependency-check-gradle:6.0.3+'
    }
}
apply plugin: 'org.owasp.dependencycheck'
```
- Generate the dependency report.
In a terminal, change to the project directory and run the command below.

```shell
gradle dependencyCheckUpdate dependencyCheckAnalyze
```

dependencyCheckUpdate refreshes the local copy of the vulnerability database, and dependencyCheckAnalyze then scans the project's dependencies against it. The report is written to %BUILD_DIR%\reports\dependency-check-report.html (build/reports/ in a standard Gradle layout).
- Check the report.
Go to %BUILD_DIR%\reports\ and confirm that dependency-check-report.html exists, then open it in a browser. Each flagged dependency is listed with the CVEs matched to it and their CVSS severity, which is what you use to decide which upgrades to prioritise.
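Reading the HTML report by hand works for a one-off check, but in a CI pipeline you want the build to stop when a finding is serious enough. The plugin can do that itself (its failBuildOnCVSS setting and its suppression file are the maintained way), but when the report has to be post-processed outside Gradle, a small gate over the JSON report does the job. The script below is an added example, not code from the article or from the Dependency-Check project. It assumes the plugin was configured to also emit JSON (format = 'ALL' in the dependencyCheck block; verify the setting name for your plugin version) so that build/reports/dependency-check-report.json exists next to the HTML report, and it assumes the report's field names (dependencies[].fileName, vulnerabilities[].name, cvssv3.baseScore, cvssv2.score, severity) as I understand the format; check them against a real report. The embedded sample report is constructed, and its artifact and CVE names are placeholders, not real identifiers.

```python
"""Added example: gate a CI build on the OWASP Dependency-Check JSON report.

Assumed (not from the article): the plugin also wrote
build/reports/dependency-check-report.json, and the field names below
match that report. Adjust them against a real report if they differ.
"""
import json
import sys
from pathlib import Path

# Fallback scores for findings that carry a severity label but no CVSS vector.
SEVERITY_FLOOR = {"CRITICAL": 9.0, "HIGH": 7.0, "MEDIUM": 4.0, "LOW": 0.1}


def cvss_score(vuln):
    """Score one finding: CVSS v3 base score if present, else CVSS v2,
    else a floor derived from the severity label, else 0.0."""
    v3 = vuln.get("cvssv3") or {}
    if "baseScore" in v3:
        return float(v3["baseScore"])
    v2 = vuln.get("cvssv2") or {}
    if "score" in v2:
        return float(v2["score"])
    return SEVERITY_FLOOR.get(str(vuln.get("severity", "")).upper(), 0.0)


def findings_at_or_above(report, threshold, suppressed=frozenset()):
    """Return (artifact, cve, score) for every unsuppressed finding whose
    score reaches the threshold, worst first so the log leads with what
    must be fixed."""
    hits = []
    for dep in report.get("dependencies", []):
        artifact = dep.get("fileName", "<unknown>")
        for vuln in dep.get("vulnerabilities") or []:
            cve = vuln.get("name", "<unnamed>")
            score = cvss_score(vuln)
            if cve in suppressed or score < threshold:
                continue
            hits.append((artifact, cve, score))
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


def gate(report_text, threshold=7.0, suppressed=frozenset()):
    """Exit status for the pipeline: 0 = clean, 1 = blocking findings,
    2 = report missing or malformed. A report that cannot be parsed must
    fail the build rather than be treated as 'no findings'."""
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError:
        return 2
    if not isinstance(report, dict) or "dependencies" not in report:
        return 2
    hits = findings_at_or_above(report, threshold, suppressed)
    for artifact, cve, score in hits:
        print(f"BLOCK cvss={score:4.1f} {cve} in {artifact}")
    return 1 if hits else 0


# Constructed sample shaped like the plugin's JSON report. Artifact and
# CVE names are placeholders, not real identifiers.
SAMPLE_REPORT = {
    "dependencies": [
        {"fileName": "example-web-2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-EXAMPLE-0001", "severity": "CRITICAL",
              "cvssv3": {"baseScore": 9.8}, "cvssv2": {"score": 7.5}},
             {"name": "CVE-EXAMPLE-0002", "severity": "MEDIUM",
              "cvssv2": {"score": 5.0}}]},
        {"fileName": "example-util-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-EXAMPLE-0003", "severity": "HIGH"}]},
        {"fileName": "example-clean-4.1.jar", "vulnerabilities": []},
    ]
}
SAMPLE_REPORT_TEXT = json.dumps(SAMPLE_REPORT)

if __name__ == "__main__":
    # Usage: python check_report.py build/reports/dependency-check-report.json
    # With no argument the constructed sample is gated instead.
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    text = path.read_text(encoding="utf-8") if path else SAMPLE_REPORT_TEXT
    sys.exit(gate(text, threshold=7.0))
```

Run it right after dependencyCheckAnalyze, pointing at the JSON report; a non-zero exit fails the pipeline stage. Keep the suppressed set short and reviewed, and prefer the plugin's own suppression file for anything you intend to accept for more than one build, since that file is versioned with the project and shows up in the report.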
Reference
- https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/