Comments (3)
I tried running it by referring to the folder and not the .jar file, with the following result:
depscan --profile research -t java -i test --debug
DEBUG [2024-04-23 06:40:10,648] BOM Profile: research
DEBUG [2024-04-23 06:40:10,648] ⚡︎ Executing "cdxgen -r -t java -o test/bom.json --profile research test"
DEBUG [2024-04-23 06:40:11,530] Bom file doesn't exist. Check if cdxgen was invoked with the correct type argument.
Set the environment variable CDXGEN_DEBUG_MODE to debug to troubleshoot the issue further.
DEBUG [2024-04-23 06:40:11,531] Bom file test/bom.json was not created successfully
from dep-scan.
I realised that I should have been scanning the source, however I still get the following error:
depscan --profile research -t java -i ./VulnerableApp/src --debug
DEBUG [2024-04-23 07:00:36,166] BOM Profile: research
DEBUG [2024-04-23 07:00:36,166] ⚡︎ Executing "cdxgen -r -t java -o ./VulnerableApp/src/bom.json --profile research ./VulnerableApp/src"
DEBUG [2024-04-23 07:00:37,046] Bom file doesn't exist. Check if cdxgen was invoked with the correct type argument.
Set the environment variable CDXGEN_DEBUG_MODE to debug to troubleshoot the issue further.
DEBUG [2024-04-23 07:00:37,046] Bom file ./VulnerableApp/src/bom.json was not created successfully
from dep-scan.
@sjpritchard Is there a public repo for the app you are scanning? The -i
or --src
argument must point to the directory containing the source. Often this would be the root directory containing pom.xml or package-lock.json etc.
If you are already inside inside the application directory, you can pass dot as the directory name. -i .
from dep-scan.
Related Issues (20)
- [v6] Support for cpe based searches
- [v6] Prefer xz vdb over rafs
- Feature: VDB update frequency information HOT 2
- False-Positive: CVE-2020-14343 HOT 9
- False-Positive: CVE-2021-39913 HOT 7
- [FN] CVE-2023-5590 is not reported for [email protected] HOT 1
- False-Positive: I raised the topic on discord. I compared the DT, Depscan, and Grype analyzers. The results are presented in the table. I think it will be useful for correcting the quality of the analysis. HOT 1
- [dotnet] Runtime components naming
- [cdxgen 10.3.x] Breaking changes in cdxgen for go and npm HOT 1
- cargo:http is yielding a lot of false positives
- [risk-audit] Detect use of Trusted publisher
- [container] almalinux 9.3 builds are broken
- [v6] choices for reachability analysis
- False-Positive: dotnet: System.Texts.Encodings.Web HOT 5
- Bug: Empty reachability report HOT 1
- [docs] Lessons for analyzing common vulnerable repos
- Golang binaries are not scanned from within containers HOT 1
- False-Positive: CVE-2022-24304 rejected by NVD
- CVE-2019-18413 flagged as critical
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dep-scan.