...
OWASP dependency-check is an open-source tool that scans Java and .NET projects and identifies the use of known vulnerable components. Parasoft OWASP Dependency Check Pack reads the results of the OWASP dependency-check tool and reports vulnerabilities to Parasoft DTP in a standardized format. This enables DTP to present the data in widgets and to provide remediation paths for addressing the vulnerabilities.
Vulnerabilities are reported in DTP as violations of the OWASP Top 10 2021 A6: Vulnerable and Outdated Components guideline. Merging the OWASP Dependency Check Pack data with code analysis results from Parasoft Jtest or dotTEST enables the full implementation of your OWASP security compliance initiative.
Requirements
- Java Runtime 11 (provided in DTP installation).
- X-Server access (Linux only). The DISPLAY variable must be set and access control must be disabled for the xhost command (run xtest +). This is required to ensure that overview images in HTML reports display correctly.
- OWASP dependency-check results in XML format. See the OWASP dependency-check documentation for details.
- Analysis from OWASP dependency check 6.4.1 is supported.
- A valid license for Parasoft Test 10.4 added to your DTP License Server.
Deployment
The OWASP Dependency Check Pack is shipped with the Parasoft Security Bundle.
...