Practice: Test methods
SAST, DAST, SCA
SCA case 5. GitHub has Dependency review for component scanning. This time the test uses a cmd program.
snapshot:
Run the scan
.\dependency-check.bat --project "flaskProject_v5" --scan "D:\flaskProject_v5"
The result report is generated; the packages in requirement.txt were not detected
D:\dependency-check\bin\dependency-check-report.html
Run the scan; the packages in pom.xml were not detected. Maven is probably not supported
.\dependency-check.bat --project "fp" --scan "D:\sspyriso-fp"
fix:
If the scan reports an error, check whether the jsrepository.json file is empty. The fix is to download this file manually, or to paste the file contents in.
dependency-check\data\jsrepository.json
https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json
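An added example (not from the original post) that runs the check above in PowerShell: it tests whether jsrepository.json is missing, empty, or not shaped like a JSON object, and only then downloads the copy from the URL above. The install path D:\dependency-check is an assumption taken from the report path; the function name Test-RetireJsRepo is hypothetical.

```powershell
# Added example, not part of the original post.
# Assumption: Dependency-Check is unpacked at D:\dependency-check (from the report path above).
$DataFile  = 'D:\dependency-check\data\jsrepository.json'
$SourceUrl = 'https://raw.githubusercontent.com/Retirejs/retire.js/master/repository/jsrepository.json'

# Hypothetical helper: returns 'missing', 'empty', 'not-json-object' or 'ok'.
# This is a cheap shape check (first/last non-blank character), not a full JSON parse;
# it catches the empty file, a truncated download and an HTML error page saved as .json.
function Test-RetireJsRepo {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'missing' }
    if ((Get-Item -LiteralPath $Path).Length -eq 0)          { return 'empty' }

    $text = (Get-Content -LiteralPath $Path -Raw -Encoding UTF8).Trim()
    if ($text.Length -lt 2 -or $text[0] -ne '{' -or $text[$text.Length - 1] -ne '}') {
        return 'not-json-object'
    }
    return 'ok'
}

$state = Test-RetireJsRepo -Path $DataFile
Write-Host "jsrepository.json state: $state"

if ($state -ne 'ok') {
    # Download to a temporary name first so a failed transfer never overwrites the data file.
    $tmp = "$DataFile.download"
    # Windows PowerShell 5.1 may not negotiate TLS 1.2 by default.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Invoke-WebRequest -Uri $SourceUrl -OutFile $tmp -UseBasicParsing

    if ((Test-RetireJsRepo -Path $tmp) -eq 'ok') {
        Move-Item -LiteralPath $tmp -Destination $DataFile -Force
        # Record the hash so the manually placed file can be identified later.
        $hash = (Get-FileHash -LiteralPath $DataFile -Algorithm SHA256).Hash
        Write-Host "Replaced $DataFile (SHA256 $hash)"
    } else {
        Remove-Item -LiteralPath $tmp -Force
        throw "Downloaded file is not a JSON object; $DataFile left unchanged."
    }
}
```

Run it from a PowerShell prompt before re-running dependency-check.bat.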
Reference:
OWASP Dependency-Check
https://owasp.org/www-project-dependency-check/
Download dependency-check
dependency-check / About: introduction to the commands
https://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html
Failed to initialize the RetireJS repo
https://github.com/jeremylong/DependencyCheck/issues/2599
jsrepository.json
https://download.csdn.net/download/weixin_50750933/86402307