Vulnerabilities are reported in DTP as violations of the OWASP Top 10 2021 A6: Vulnerable and Outdated Components guideline. Merging the OWASP Dependency-Check Pack data with code analysis results from Parasoft Jtest or dotTEST enables the full implementation of your OWASP security compliance initiative.
Requirements
- Java Runtime 17.
- X-Server access (Linux only). The DISPLAY variable must be set, and access control must be disabled for the xhost command (run xhost +). This is required to ensure that overview images in HTML reports display correctly.
- OWASP Dependency-Check results in XML format. See the OWASP Dependency-Check documentation for details.
- Analysis from OWASP Dependency-Check 1112.01.0 is supported.
Deployment
- Extract the dependency-check-pack-<VERSION>.zip file distribution to the desired location. Some extractor tools, such as the default Windows extractors, will create a directory for the dependency check pack files. We recommend creating an installation home directory if your tool does not automatically create a directory to hold the extracted files.
- Follow the instructions for installing Security Compliance Pack into your DTP environment. This step is not required to run the OWASP Dependency-Check Pack, but it is required for viewing results in DTP.
OWASP Dependency-Check Rule Documentation
For DTP to display the OWASP Dependency-Check rule documentation, the rules shipped with the OWASP Dependency-Check Pack must be copied to the DTP rules directory.
Copy the contents of the <DEPENDENCY_CHECK_INSTALL>/rulesdoc/dependencycheck/ directory to the <DTP_INSTALL>/tomcat/webapps/grs/rulesdoc/ directory.
...
End User License Agreement Acceptance
...