{ "info": { "author": "J\u00fcrgen Hermann", "author_email": "jh@web.de", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Topic :: Security", "Topic :: Software Development :: Quality Assurance", "Topic :: Utilities" ], "description": "Overview\n--------\n\n``dependency-check`` scans application dependencies and checks whether they contain any published vulnerabilities\n(based on the NIST `NVD`_).\nIt runs in the JVM, so you need some form of ``java`` available in your ``PATH``.\nThe script should work on Linux, Mac OSX and Windows, but right now is only tested on Linux.\n\n\nUsage\n-----\n\nAfter installation, you'll have the ``dependency-check`` command available that, on first use,\nwill automatically download and install the OWASP release archive once for all projects.\nIt'll then redirect any calls to that installation, meaning the downloaded NVD data is shared\namongst projects.\nPlease see the `DependencyCheck site`_ for more configuration and usage details.\n\nTo install from PyPI, add ``dependency-check`` to your ``dev-requirements.txt``\nor a similar file. For more installation options, see the next section.\n\nTo just get the ``dependency-check`` CLI tool installed into your home,\nindependant of any project, you can use the `pip script installer`_ or\n``pip install --user dependency-check``.\n\n |Installation Demo|\n\n\nCustomization\n-------------\n\nUsing environment variables, you can change the version and download location of the release archive,\nand the directory for the local installation.\n\n=============================== ==============================================================================================\nVariable Default\n=============================== ==============================================================================================\n``DEPENDENCY_CHECK_VERSION`` ``2.1.1``\n``DEPENDENCY_CHECK_URL`` ``https://bintray.com/artifact/download/jeremy-long/owasp/dependency-check-{version}-release.zip``\n``DEPENDENCY_CHECK_HOME`` ``~/.local/dependency-check``\n``DEPENDENCY_CHECK_NVD_URL`` *Use NIST NVD URLs*\n=============================== ==============================================================================================\n\nTo update to a new version of the OWASP software,\ndelete ``~/.local/dependency-check/bin/``,\nset ``DEPENDENCY_CHECK_VERSION`` to the new version number,\nand call ``dependency-check``.\n\nThe variable ``DEPENDENCY_CHECK_NVD_URL`` can be used to point to a local copy of the various NVD feeds,\nin a flat hierarchy with uncompressed XML files\n(if you set this, the options ``--cveUrl12Modified``, ``--cveUrl20Modified``, ``--cveUrl12Base``, and\n``--cveUrl20Base`` will be added to each call).\n\n\nInstallation\n------------\n\n*dependency-check* can be installed via ``pip install dependency-check`` as usual,\nsee `releases `_ for an overview of available versions.\nTo get a bleeding-edge version from source, use these commands::\n\n repo=\"jhermann/dependency-check-py\"\n pip install -r \"https://raw.githubusercontent.com/$repo/master/requirements.txt\"\n pip install -U -e \"git+https://github.com/$repo.git#egg=dependency-check\"\n\nAs a developer, to create a working directory for this project, call these commands::\n\n git clone \"https://github.com/jhermann/dependency-check-py.git\"\n cd \"dependency-check-py\"\n . .env --yes --develop\n invoke build check\n\nYou might also need to follow some\n`setup procedures `_\nto make the necessary basic commands available on *Linux*, *Mac OS X*, and *Windows*.\n\n\nOther Python Security Tools\n---------------------------\n\n* `openstack/bandit`_ \u2013 Security linter designed to find common security issues in Python code, by static AST analysis.\n* `pyupio/safety`_ \u2013 Safety checks your installed dependencies for known security vulnerabilities.\n\n * `pyupio/safety-db`_ \u2013 A curated database of security vulnerabilities in Python packages.\n\n.. _`openstack/bandit`: https://github.com/openstack/bandit\n.. _`pyupio/safety`: https://github.com/pyupio/safety\n.. _`pyupio/safety-db`: https://github.com/pyupio/safety-db\n\n.. _`NVD`: https://nvd.nist.gov/\n.. _`OWASP dependency-check-cli`: https://github.com/jeremylong/dependencycheck#dependency-check\n.. _`DependencyCheck site`: https://www.owasp.org/index.php/OWASP_Dependency_Check\n.. _`pip script installer`: https://github.com/mitsuhiko/pipsi#pipsi\n\n.. |Installation Demo| image:: https://raw.githubusercontent.com/jhermann/dependency-check-py/master/dependency_check.gif\n\n.. |Travis CI| image:: https://api.travis-ci.org/jhermann/dependency-check-py.svg\n :target: https://travis-ci.org/jhermann/dependency-check-py\n.. |Coveralls| image:: https://img.shields.io/coveralls/jhermann/dependency-check-py.svg\n :target: https://coveralls.io/r/jhermann/dependency-check-py\n.. |GitHub Issues| image:: https://img.shields.io/github/issues/jhermann/dependency-check-py.svg\n :target: https://github.com/jhermann/dependency-check-py/issues\n.. |License| image:: https://img.shields.io/pypi/l/dependency-check.svg\n :target: https://github.com/jhermann/dependency-check-py/blob/master/LICENSE\n.. |Development Status| image:: https://pypip.in/status/dependency-check/badge.svg\n :target: https://pypi.python.org/pypi/dependency-check/\n.. |Latest Version| image:: https://img.shields.io/pypi/v/dependency-check.svg\n :target: https://pypi.python.org/pypi/dependency-check/\n.. |Download format| image:: https://pypip.in/format/dependency-check/badge.svg\n :target: https://pypi.python.org/pypi/dependency-check/\n.. |Downloads| image:: https://img.shields.io/pypi/dw/dependency-check.svg\n :target: https://pypi.python.org/pypi/dependency-check/\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/jhermann/dependency-check-py", "keywords": "owasp,security,vulnerability,quality-assurance", "license": "Apache 2.0", "maintainer": "", "maintainer_email": "", "name": "dependency-check", "package_url": "https://pypi.org/project/dependency-check/", "platform": "", "project_url": "https://pypi.org/project/dependency-check/", "project_urls": { "Homepage": "https://github.com/jhermann/dependency-check-py" }, "release_url": "https://pypi.org/project/dependency-check/0.2.0/", "requires_dist": null, "requires_python": "", "summary": "Shim to easily install OWASP dependency-check-cli into Python projects", "version": "0.2.0" }, "last_serial": 3236491, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "e758f6c646f2d24372b08bee874e8f22", "sha256": "15ed9cad3323397404b040211ebf932741bc8e0b08af51852879615b8441a07d" }, "downloads": -1, "filename": "dependency_check-0.1.0-py2.7.egg", "has_sig": false, "md5_digest": "e758f6c646f2d24372b08bee874e8f22", "packagetype": "bdist_egg", "python_version": "2.7", "requires_python": null, "size": 6864, "upload_time": "2015-11-23T16:35:18", "url": "https://files.pythonhosted.org/packages/74/89/1eea162ed894cefe649fb43268af51c58d749fa5ee54b86ae8637beefb00/dependency_check-0.1.0-py2.7.egg" }, { "comment_text": "", "digests": { "md5": "8897b12f10ce1d361011f8049373e58d", "sha256": "c30e0b664084024b26374e6db39d5f5285a92069f5a44165c79f27609dc6770f" }, "downloads": -1, "filename": "dependency_check-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "8897b12f10ce1d361011f8049373e58d", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 7502, "upload_time": "2015-11-23T16:35:25", "url": "https://files.pythonhosted.org/packages/6c/3d/7313b09c3ae81e03bffebf6ad431e9cfa264eea3045e698e73dae013165d/dependency_check-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "62d061daa662ad52e49e5fb584c7ce7d", "sha256": "a50f45b646a93277c6b0372cd9a9252bac93849ee57ce4fe79bda3adfb73fb8f" }, "downloads": -1, "filename": "dependency-check-0.1.0.zip", "has_sig": false, "md5_digest": "62d061daa662ad52e49e5fb584c7ce7d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19230, "upload_time": "2015-11-23T16:35:30", "url": "https://files.pythonhosted.org/packages/e8/04/8f2aa48ace66989150ce12f07ada07ac8119f8d9458b00e8086b9b17ce4f/dependency-check-0.1.0.zip" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "fc4ac215301351c8b9ccaff5349e3db0", "sha256": "f69af40649fbce883a93e8f5ff7e97fb36727a6a5d45c1eb2f72ee6885410de2" }, "downloads": -1, "filename": "dependency_check-0.2.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "fc4ac215301351c8b9ccaff5349e3db0", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8406, "upload_time": "2017-10-09T14:39:30", "url": "https://files.pythonhosted.org/packages/0e/f5/836569a3ba79dbd9beb00232c57e0f2861f1a6b46d77a93ffab7a04525e3/dependency_check-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f71dd9ce4d5545fefeeaea6722354e53", "sha256": "9207b6213381c459bfe268f0bc4e57325a338d65d1cf0398f9ffc86a323eb903" }, "downloads": -1, "filename": "dependency-check-0.2.0.zip", "has_sig": false, "md5_digest": "f71dd9ce4d5545fefeeaea6722354e53", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21937, "upload_time": "2017-10-09T14:39:32", "url": "https://files.pythonhosted.org/packages/c4/be/2bea70cc2d5ad7d61e486c85ba953eb14ce8274d111e7323e4c321419eb3/dependency-check-0.2.0.zip" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "fc4ac215301351c8b9ccaff5349e3db0", "sha256": "f69af40649fbce883a93e8f5ff7e97fb36727a6a5d45c1eb2f72ee6885410de2" }, "downloads": -1, "filename": "dependency_check-0.2.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "fc4ac215301351c8b9ccaff5349e3db0", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 8406, "upload_time": "2017-10-09T14:39:30", "url": "https://files.pythonhosted.org/packages/0e/f5/836569a3ba79dbd9beb00232c57e0f2861f1a6b46d77a93ffab7a04525e3/dependency_check-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f71dd9ce4d5545fefeeaea6722354e53", "sha256": "9207b6213381c459bfe268f0bc4e57325a338d65d1cf0398f9ffc86a323eb903" }, "downloads": -1, "filename": "dependency-check-0.2.0.zip", "has_sig": false, "md5_digest": "f71dd9ce4d5545fefeeaea6722354e53", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21937, "upload_time": "2017-10-09T14:39:32", "url": "https://files.pythonhosted.org/packages/c4/be/2bea70cc2d5ad7d61e486c85ba953eb14ce8274d111e7323e4c321419eb3/dependency-check-0.2.0.zip" } ] }