Page Comparison

SRslic **

ASP, ASPX, HTML, JSP, JSF, JAVA, C#, VB.NET, C, CPP, H, HPP, M, MM, SWIFT, PHP, JS, TS, RB, GROOVY, GY, PY, PERL, PL, SCALA, GO, R, KT, CLJ, ERL, SH, PS1, AU3, LUA, XML files

Reveals Licenses in Whitelist, Licenses in Blacklist, License Conflicts, Suspicious Licenses, License Violations and Poor’s man copyrights found in source code.

Artifactory

jFrog Artifactory

Analyzer which will attempt to locate a dependency on a jFrog Artifactory service by SHA-1 digest of the dependency.

Archive

Zip archive format (*.zip, *.ear, *.war, *.jar, *.sar, *.apk, *.nupkg); Tape Archive Format (*.tar); Gzip format (*.gz, *.tgz); Bzip2 format (*.bz2, *.tbz2)

Extracts archive contents, then scans contents with all available analyzers.

Assembly

.NET Assemblies (*.exe, *.dll)

Uses GrokAssembly.exe, which requires .NET Framework or Mono runtime to be installed, otherwise .NET Assemblies will be analyzed by FileInfo and NuSpec analyzers only.

Packrat

CRAN

packrat.lock files (R language).

RetireJS

JavaScript

It uses the manually curated list of vulnerabilities from the RetireJS community along with the necessary information to assist in identifying vulnerable components. Vulnerabilities documented by the RetireJS community usually originate from other sources such as the NVD, OSVDB, NSP, and various issue trackers.

CMake

CMake project files (CMakeLists.txt) and scripts (*.cmake)

Regex scan for project initialization and version setting commands.

MSBuild

.NET Assembly

Analyzes MSBuild Projects

MavenGradleAnt

Analyze Maven, Ant and Gradle build files for Java

Analyze pom.xml, build.gradle, and build.xml.

GoDep

Analyze GitHub dependency files for GO Language, .go

Analyze vendor.conf, godeps.json, godeps.json gomod files, and gopkg.toml.

Jar Analyzer

Java archive files (*.jar); Web application archive (*.war)

Examines archive manifest metadata, and Maven Project Object Model files (pom.xml).

NSP

Node Security Project is used to analyze Node.js’ package.json files for known vulnerable packages.

Recently acquired by NPM inc., this service will be still available until September, 30.

Nuspec

Nuget package specification file (*.nuspec)

Uses XPath to parse specification XML. Analyze also packages.config and (*proj or sln), project.lock.json and project.assets.json or PackageReference.

OpenSSL

OpenSSL Version Source Header File (opensslv.h)

Regex parse of the OPENSSL_VERSION_NUMBER macro definition.

Ruby bundler‑audit

Ruby Gemfile.lock files

Executes bundle-audit and incorporates the results into the dependency-check report.

Autoconf

Autoconf project configuration files (configure, configure.in, configure.ac)

Regex scan for AC_INIT metadata, including in generated configuration script.

CocoaPods

CocoaPods .podspec and podfile.lock files

Extracts dependency information from specification file and lock file, for Objective-C and SWIFT projects.

Composer Lock

PHP Composer and PHP Pear

Parses PHP Pear package.xml, PHP Composer lock and composer.json files for exact versions and dependencies.

Node.js

NPM package specification files (package.json)

Parse JSON format for metadata.

Python Metadata

Python source files (*.py); Package metadata files (PKG-INFO, METADATA); Package Distribution Files (*.whl, *.egg, *.zip) Anaconda and environment.yml

Regex scan of Python source files for setup tools metadata; Parse RFC822 header format for metadata in all other artifacts. Also scans dependencies in yml files.

FileInfo-JarManifest**

jar, war, ear, dll, exe, lib, shared libs and machOS, UPX, PE executables

Reveals Blacklisted Libraries, Outdated Libraries, Other Vulnerable Libraries.

Ruby Gemspec

Ruby makefiles (Rakefile); Ruby Gemspec files (*.gemspec)

Regex scan Gemspec initialization blocks, Rakefile and gemfile.lock for metadata.

SWIFT

SWIFT Package Manager’s Package.swift

Extracts dependency information from swift package file.

**awesome-C, awesome-CPP, cppreference, awesome-dotnet, awesome-javascript, awesome-typescript, SwifterSwift, Three20, PyPi, awesome-scala

Fresh updated lists of best (awesome) libraries, packages and frameworks, specialized for each Programming language

Seeks for new and updated libraries, packages and frameworks coming directly from programmer’s community.

SBT

SCALA

Scans build.sbt for dependencies.

CPAN

Perl

Analyze dependencies in Makefile.PL.

ERL

Erlang

Analyze dependencies in rebar.config.