{"id":17996708,"url":"https://github.com/eliasgranderubio/4depcheck","last_synced_at":"2025-03-26T04:30:45.981Z","repository":{"id":93068820,"uuid":"101863772","full_name":"eliasgranderubio/4depcheck","owner":"eliasgranderubio","description":"a tool to analyze and detect vulnerable dependencies/libraries from different programming languages","archived":false,"fork":false,"pushed_at":"2021-07-27T18:20:11.000Z","size":270,"stargazers_count":10,"open_issues_count":3,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-21T05:22:18.060Z","etag":null,"topics":["dependency-analysis","security","static-analysis","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eliasgranderubio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-08-30T09:33:46.000Z","updated_at":"2024-10-16T00:47:02.000Z","dependencies_parsed_at":"2023-06-04T15:30:23.950Z","dependency_job_id":null,"html_url":"https://github.com/eliasgranderubio/4depcheck","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eliasgranderubio%2F4depcheck","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eliasgranderubio%2F4depcheck/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eliasgranderubio%2F4depcheck/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eliasgranderubio%2F4depcheck/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eliasgranderubio","download_url":"https://codeload.github.com/eliasgranderubio/4depcheck/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245589132,"owners_count":20640232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependency-analysis","security","static-analysis","vulnerability-scanners"],"created_at":"2024-10-29T21:15:36.616Z","updated_at":"2025-03-26T04:30:45.968Z","avatar_url":"https://github.com/eliasgranderubio.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 4depcheck\n[![Python](https://img.shields.io/badge/python-3.5%2C%203.6-blue.svg)](https://github.com/eliasgranderubio/4depcheck)\n[![Docker Pulls](https://img.shields.io/docker/pulls/3grander/4depcheck.svg)](https://hub.docker.com/r/3grander/4depcheck/)\n[![License](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://github.com/eliasgranderubio/4depcheck)\n\n**4depcheck** is a tool to analyze and detect vulnerable dependencies/libraries from different programming languages thanks to:\n   * [OWASP dependency check](https://github.com/jeremylong/DependencyCheck)\n   * [Retire.js](https://github.com/retirejs/retire.js/)\n\n\n## Requirements\n\nBefore **4depcheck** usage, you must have installed the next requirements:\n\n* Docker\n\n### Installation of Docker\n\nYou must have installed Docker for using **4depcheck**. If you need instructions for Docker installation, see the [How-to install Docker](https://docs.docker.com/engine/getstarted/step_one/) page.\n\nIn order to avoid having to use `sudo` when you use the `docker` command, create a Unix group called `docker` and add users to it. When the `docker` daemon starts, it makes the ownership of the Unix socket read/writable by the `docker` group.\n\n## Usage\n\nFor **4depcheck** usage, you can set the next environment variables as you need:\n```\n    export PROJECT_NAME='project_to_analyze'\n    export ABSOLUTE_PATH_TO_YOUR_PROJECT='/home/user/project_to_analyze'\n```\n\nIf you has set the previous environment variables, you only need run the next docker command:\n```\n    $ docker run -v /tmp/4depcheck:/tmp/4depcheck \\\n                 -v $ABSOLUTE_PATH_TO_YOUR_PROJECT:$ABSOLUTE_PATH_TO_YOUR_PROJECT \\\n                 3grander/4depcheck:0.1.0 $PROJECT_NAME $ABSOLUTE_PATH_TO_YOUR_PROJECT\n```\nIf you has not set the environment variables, you only need replace the variables in the previous docker command as you need.\n\nThe expected output for the previous query will be shown in the stdout and it will be stored in `/tmp/4depcheck/$PROJECT_NAME.json`. An example for this output is shown below:\n\n```\n    [{   \n        \"cve_severity\": \"medium\",\n        \"cve_product\": \"cxf\",\n        \"cve_product_version\": \"3.1.6\",\n        \"cve_id\": \"CVE-2017-3156\",\n        \"cve_type\": \"java\",\n        \"cve_product_file_path\": \"/opt/modules/system/org/apache/cxf/main/cxf-core-3.1.6.jar\"\n    }, {     \n        \"cve_severity\": \"high\",\n        \"cve_product\": \"netty\",\n        \"cve_product_version\": \"4.0.33\",\n        \"cve_id\": \"CVE-2016-4970\",\n        \"cve_type\": \"java\",\n        \"cve_product_file_path\": \"/opt/modules/system/io/netty/main/netty-all-4.0.33.Final.jar\"\n    }, {\n        \"cve_severity\": \"high\",\n        \"cve_product\": \"xalan-java\", \n        \"cve_product_version\": \"2.7.1\", \n        \"cve_id\": \"CVE-2014-0107\",\n        \"cve_type\": \"java\", \n        \"cve_product_file_path\": \"/usr/plugins/xslt-debugger/lib/rt/xalan.jar\"\n    }, {\n        \"cve_severity\": \"high\",\n        \"cve_product\": \"xalan-java\",\n        \"cve_product_version\": \"2.7.1\",\n        \"cve_id\": \"CVE-2014-0107\",\n        \"cve_type\": \"java\",\n        \"cve_product_file_path\": \"/usr/plugins/xslt-debugger/lib/rt/serializer.jar\" \n    }, {\n        \"cve_severity\": \"medium\",\n        \"cve_product\": \"axis\",\n        \"cve_product_version\": \"1.4\",\n        \"cve_id\": \"CVE-2014-3596\",\n        \"cve_type\": \"java\",\n        \"cve_product_file_path\": \"/usr/plugins/tasks/lib/axis-1.4.jar\"\n    }, {\n        \"cve_severity\": \"medium\",\n        \"cve_product\": \"jquery\",\n        \"cve_product_version\": \"1.4.2\",\n        \"cve_id\": \"CVE-2011-4969\", \n        \"cve_type\": \"js\",\n        \"cve_product_file_path\": \"/usr/js/jquery-1.4.2/jquery.js\"\n    }]\n\n```\n\n\n## Bugs and Feedback\nFor bugs, questions and discussions please use the [Github Issues](https://github.com/eliasgranderubio/4depcheck/issues) or ping me on Twitter (@3grander).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feliasgranderubio%2F4depcheck","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feliasgranderubio%2F4depcheck","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feliasgranderubio%2F4depcheck/lists"}