...

OWASP dependency-check is an open-source tool that scans Java and .NET projects and identifies the use of known vulnerable components. The Parasoft OWASP Dependency Check Pack reads the results of the OWASP dependency-check tool and reports the vulnerabilities to Parasoft DTP in a standardized format. This enables DTP to present the data in widgets and to provide remediation paths for addressing the vulnerabilities.

Vulnerabilities are reported in DTP as violations of the OWASP Top 10 2021 A06: Vulnerable and Outdated Components guideline. Merging the OWASP Dependency Check Pack data with static code analysis results from Parasoft Jtest or dotTEST enables the full implementation of your OWASP security compliance initiative.

Requirements

  • Java Runtime 11 (provided in the DTP installation).
  • X-Server access (Linux only). The DISPLAY variable must be set and X access control must be disabled (run xhost +). This is required so that the overview images in HTML reports render correctly. Note that xhost + grants every host access to the X server; where possible restrict it to local clients (xhost +local:) and re-enable access control with xhost - once the reports have been generated.
  • OWASP dependency-check results in XML format. See the OWASP dependency-check documentation for details.
  • Results produced by OWASP dependency-check 6.4.1 are supported.
  • A valid license for Parasoft Test 10.4 added to your DTP License Server.
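The following preflight script is an added example and is not part of the Parasoft documentation or the Dependency Check Pack itself. It parses an OWASP dependency-check XML report, confirms that the report's scanInfo/engineVersion is the supported 6.4.1, and summarizes the vulnerable dependencies and severities, so that a reviewer can see what will be forwarded to DTP before the Pack runs. The embedded report is constructed for this example (placeholder CVE identifiers, two dependencies) and is far smaller than a real report; the parser ignores the XML namespace because its URI changes between dependency-check releases, which is an assumption about the report format rather than something the page states.

```python
"""Preflight check for an OWASP dependency-check XML report (added example,
not Parasoft code). Verifies the engine version stated in the requirements
and summarizes findings per dependency and severity."""
import xml.etree.ElementTree as ET
from collections import Counter

SUPPORTED_ENGINE_VERSION = "6.4.1"  # version the Pack requirements list as supported

# Constructed sample report: placeholder identifiers, not real findings.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd">
  <scanInfo>
    <engineVersion>6.4.1</engineVersion>
  </scanInfo>
  <projectInfo>
    <name>example-app</name>
  </projectInfo>
  <dependencies>
    <dependency>
      <fileName>example-lib-1.0.jar</fileName>
      <vulnerabilities>
        <vulnerability source="CONSTRUCTED">
          <name>CVE-0000-0001</name>
          <severity>HIGH</severity>
        </vulnerability>
        <vulnerability source="CONSTRUCTED">
          <name>CVE-0000-0002</name>
          <severity>medium</severity>
        </vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>clean-lib-2.3.jar</fileName>
    </dependency>
  </dependencies>
</analysis>
"""


def parse_report(xml_text):
    """Return the engine version and a flat list of findings from a report.

    The '{*}' wildcard matches any namespace, so the parser does not depend on
    the schema URI of a particular dependency-check release (assumption)."""
    root = ET.fromstring(xml_text)
    if root.tag.split("}")[-1] != "analysis":
        raise ValueError("not a dependency-check report, root element is %r" % root.tag)
    version = root.findtext("{*}scanInfo/{*}engineVersion")
    engine_version = version.strip() if version else None
    findings = []
    for dep in root.iterfind("{*}dependencies/{*}dependency"):
        file_name = dep.findtext("{*}fileName", default="<unnamed>")
        for vuln in dep.iterfind("{*}vulnerabilities/{*}vulnerability"):
            findings.append({
                "dependency": file_name,
                "id": vuln.findtext("{*}name", default="<no-id>"),
                # severity is normalized to upper case; reports are not consistent
                "severity": (vuln.findtext("{*}severity") or "UNKNOWN").upper(),
            })
    return {"engine_version": engine_version, "findings": findings}


def check_engine_version(report):
    """Strict match against the supported version; returns (ok, message)."""
    version = report["engine_version"]
    if version is None:
        return False, "report has no scanInfo/engineVersion element"
    if version != SUPPORTED_ENGINE_VERSION:
        return False, "engineVersion %s is not the supported %s" % (version, SUPPORTED_ENGINE_VERSION)
    return True, "engineVersion %s is supported" % version


def preflight(xml_text):
    """Parse, check the version and summarize; everything is returned, not printed."""
    report = parse_report(xml_text)
    ok, message = check_engine_version(report)
    findings = report["findings"]
    return {
        "ok": ok,
        "message": message,
        "engine_version": report["engine_version"],
        "vulnerable_dependencies": sorted({f["dependency"] for f in findings}),
        "severity_counts": dict(Counter(f["severity"] for f in findings)),
        "total_findings": len(findings),
    }


if __name__ == "__main__":
    import json
    import sys
    # Pass a real report path as the first argument, otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print(json.dumps(preflight(text), indent=2))
```

The version check is deliberately a strict equality, because the requirements name one supported release; if you decide to accept newer reports, turn the mismatch into a warning rather than silently passing, since the Pack's parser may not understand a changed schema.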

Deployment

The OWASP Dependency Check Pack is shipped with the Parasoft Security Bundle.

...

After copying the rules, documentation associated with OWASP dependency-check violations will be available in DTP interfaces, such as the Documentation tab of the Violations Explorer. 

Connecting to DTP

The OWASP Dependency Check Pack is a separate tool and must connect to DTP to acquire a license and to send results to your DTP project. Specify the following settings in the settings.properties file located in the installation directory:

dtp.server

Specifies the host name of the DTP server.

...