This demonstrates how to use OWASP Dependency-Check to scan for publicly disclosed vulnerabilities in a project's dependencies. It does this by determining whether a Common Platform Enumeration (CPE) identifier exists for a given dependency. If one is found, it generates a report linking to the associated CVE entries.
Setup
Go to the OWASP Dependency-Check website.
Scroll to the bottom and look for Command Line. Click the link to download OWASP Dependency-Check. A ZIP file is saved to the Downloads folder.
Unzip the downloaded ZIP file to a folder of your choice, e.g. C:\temp\dependency-check-6.1.5-release\
Usage On Windows
Launch a cmd command-line window.
From cmd, navigate to the bin folder of the unzipped release, for example:
CD C:\temp\dependency-check-6.1.5-release\bin
Execute the scan command with the target file path and the report output path, assuming your project file path is C:\projects\hello-world.
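The scan step spelled out as a Windows batch script, added here as an example and not part of the original page or the Dependency-Check project. It uses the page's example paths for the unzipped release and the project; the report folder name, the project label passed to --project, and the CVSS threshold of 7 are assumptions. The --project, --scan, --out, --format and --failOnCVSS options are standard dependency-check.bat options.

```batch
@echo off
REM Added example: run OWASP Dependency-Check from the unzipped release
REM against C:\projects\hello-world and write an HTML report.
REM DC_HOME and PROJECT_DIR come from the page; REPORT_DIR is an assumption.
set DC_HOME=C:\temp\dependency-check-6.1.5-release
set PROJECT_DIR=C:\projects\hello-world
set REPORT_DIR=C:\projects\hello-world-report

if not exist "%REPORT_DIR%" mkdir "%REPORT_DIR%"

REM --scan   : folder (or file) whose dependencies are matched against CPEs
REM --out    : folder that receives dependency-check-report.html
REM --format : HTML here; XML, CSV, JSON, JUNIT, SARIF or ALL are also accepted
REM --failOnCVSS : return a non-zero exit code if any finding scores >= 7
"%DC_HOME%\bin\dependency-check.bat" ^
  --project "hello-world" ^
  --scan "%PROJECT_DIR%" ^
  --out "%REPORT_DIR%" ^
  --format HTML ^
  --failOnCVSS 7

REM The exit code lets the scan gate a build instead of only producing a report.
if errorlevel 1 (
  echo Findings at or above CVSS 7 - review %REPORT_DIR%\dependency-check-report.html
) else (
  echo No findings at or above CVSS 7 - report is in %REPORT_DIR%
)
```

The first run downloads the NVD vulnerability data before scanning, so it needs internet access and takes noticeably longer than later runs, which only fetch updates. The same options work when typed directly at the cmd prompt from the bin folder by running dependency-check.bat with the --scan and --out values shown.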