Git Product home page Git Product logo

dcweb's Introduction

dcweb

Dependency-Check 是一款分析软件构成的工具,他会检测项目中依赖项的公开披露漏洞,常用于扫描java和.NET项目。本项目就是基于此工具的包装。

目标

用于检测项目中使用依赖库的安全性。根据公司业务的情况:

  1. 对接代码管理平台,自动化扫描
  2. 业务提交扫描工单,安全人员帮助扫描和给修复建议
  3. 业务自行提交扫描

如果公司代码发布不多,推荐使用第二种方法,安全人员好跟进并给出针对性建议。

新项目cve-db是一款生成cve数据库的工具,可以配合Dependcy-Check使用。

安装

普通安装

1. git clone [email protected]:he1m4n6a/dcweb.git
2. pip -r requirements.txt
3. 从 https://bintray.com/jeremy-long/owasp/dependency-check 下载dependency-check最新二进制版本,放到dcweb/dependency-check目录下
4. apt-get install default-jdk 安装java环境
5. python manage.py runserver 0.0.0.0:8888 运行即可

docker安装

1. git clone [email protected]:he1m4n6a/dcweb.git
2. cd docker-deploy
3. docker-compose build
4. docker-compose up -d

默认运行在localhost和8888端口,开启debug,改其他配置修改dcweb/settings.py文件。

推荐docker安装,部署简单,移植方便。

使用方法

把包含三方依赖库的源码打包上传,点击开始扫描即可。

todo

项目中还有很多地方可以优化和补充,后续如果大家如果有需求或者别的想法可以进行补充。

  1. 添加报告结果分析并发送邮件
  2. 添加网页接口鉴权
  3. 已扫描项目根据需求选择重扫或忽略

dcweb's People

Contributors

dependabot[bot] avatar he1m4n6a avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

sry309 explorer1092 qiuleilei triplekill popmedd bigbigx githubtest007 baihualin-hk test2504 whosec cleanmgr112 jybzjf lxd870911 verseboys ronin001

dcweb's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.