Finds known vulnerabilities in your dependencies using yavdb as the source aggregator of vulnerabilities.
Thanks to the amazing work done by libraries.io, all the dependency manifest parsing is handled by bibliothecary, which means we have support for more than 20 package managers. Due to the limited sources of information, we have only identified vulnerabilities for the ones listed in yavdb.
This project aims to provide an OSS alternative to identify known vulnerabilities for your dependencies. Although it makes a good effort in doing this, there is no assurance it is finding all the publicly available vulnerabilities. The maintainers take no responsibility for any harm caused by you relying on it. Use as a complement to other tools at your own risk.
gem install dependency_spy
Check current directory project
depspy
Commands:
depspy check # Check dependencies for known vulnerabilities
depspy help [COMMAND] # Describe available commands or one specific command
depspy update # Update known vulnerabilities database
Options:
[--verbose], [--no-verbose]
-d, [--vuln-db-path=VULN-DB-PATH] # Default: <HOME>/.yavdb/yavdb
After checking out the repo, run bin/setup to install dependencies. Then, run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/dependency_spy. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.
Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.