OWASP: OWASP Dependency-Check install and usage 安裝與使用說明

Variables

env	version
VM virtualbox	Ubuntu 24.04

How to install OWASP Dependency-Check

JAVA Installation

same and simpile as ussuall

$ sudo apt update
$ sudo apt install default-jre
$ java -version
openjdk version "21.0.4" 2024-07-16
OpenJDK Runtime Environment (build 21.0.4+7-Ubuntu-1ubuntu224.04)
OpenJDK 64-Bit Server VM (build 21.0.4+7-Ubuntu-1ubuntu224.04, mixed mode, sharing)
$ sudo apt install default-jdk
$ javac -version
javac 21.0.4

yarn Installation

$ sudo apt update 
$ sudo apt install curl

Import Yarn GPG keys and enable Yarn repo

$ curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
$ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
$ sudo apt install yarn

npm

$ sudo apt install npm
$ sudo npm install -g n
// install NodeJs 14.21.3
$ sudo n 14.21.3

NET 8.0 Installation

$ sudo apt-get update && sudo apt-get install -y dotnet-sdk-8.0

Download Dependency-check and install

github: DependencyCheck Version 10.0.3
all usage

$ sudo unzip dependency-check
$ cd dependency-check/bin
$ sudo update-alternatives --install /usr/bin/dependency-check.sh dependency-check dependency-check/bin/dependency-check.sh 1

How to run dependency-check

dependency-check can be used Before Compilation and After Compilation

Generate Report

$ dependency-check.sh -s <Source code Path> -o <Report_Output_Path> --project <Report_Name> --zipExtensions "rpm,gz,zip,tgz,tar" 

Reference

1. https://techdirectarchive.com/2022/09/28/how-to-install-and-uninstall-yarn-on-a-linux-ubuntu-system/
2. DependencyCheck Version 10.0.3