
Making a new Analyzer

jeremylong edited this page Jan 13, 2013 · 6 revisions

An analyzer is created by implementing the org.codesecure.dependencycheck.analyzer.Analyzer interface. DependencyCheck uses the Java ServiceLoader API to load the analyzers, so after implementing the Analyzer interface the analyzer's fully qualified class name must be added to the file 'META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer'.

Considerations when building an Analyzer:

File Extensions: If you are creating an analyzer for a specific file type, the getSupportedExtensions() method should return a lower-case set of extensions. The Scanner uses this set to determine whether a file being scanned should be converted into a Dependency. If the analyzer is meant to run on all Dependencies, without causing any scanned file to be converted into a Dependency, then getSupportedExtensions() should return null.

The supportsExtension() method is then used by the Engine to determine whether a Dependency found by the Scanner should be passed to the Analyzer in question.
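The extension-handling contract described above, as an added example that is not part of the wiki page or of the DependencyCheck code base. It is written as a plain class so it compiles without the project on the classpath; a real analyzer would add `implements Analyzer` and the interface's remaining methods, which this page does not list. The class name JarExtensionAnalyzer and the "jar" extension are constructed for illustration.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Constructed example: an analyzer that claims only ".jar" files.
public class JarExtensionAnalyzer {

    // Lower case, as the page requires: the Scanner compares against this set.
    private static final Set<String> EXTENSIONS;
    static {
        Set<String> s = new HashSet<String>();
        s.add("jar");
        EXTENSIONS = Collections.unmodifiableSet(s);
    }

    // Return null instead if the analyzer should run on every Dependency
    // without turning any scanned file into a Dependency.
    public Set<String> getSupportedExtensions() {
        return EXTENSIONS;
    }

    // Decides whether the Engine should hand a Dependency to this analyzer.
    // Tolerates a leading dot and upper-case input so "JAR" and ".jar" match.
    public boolean supportsExtension(String extension) {
        Set<String> supported = getSupportedExtensions();
        if (supported == null) {
            return true;   // null set means "run on all Dependencies"
        }
        if (extension == null || extension.isEmpty()) {
            return false;  // a file with no extension can never match a set
        }
        String ext = extension.startsWith(".") ? extension.substring(1) : extension;
        return supported.contains(ext.toLowerCase(Locale.ROOT));
    }

    public static void main(String[] args) {
        JarExtensionAnalyzer a = new JarExtensionAnalyzer();
        System.out.println(a.supportsExtension("JAR"));   // true
        System.out.println(a.supportsExtension(".jar"));  // true
        System.out.println(a.supportsExtension("war"));   // false
        System.out.println(a.supportsExtension(null));    // false
    }
}

// ServiceLoader registration: one fully qualified class name per line in
//   META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer
// e.g.  org.codesecure.dependencycheck.analyzer.JarExtensionAnalyzer
```

Without the registration file entry the ServiceLoader never sees the class, so a missing line there is the first thing to check when a new analyzer silently does nothing.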

Analysis Phase: This is one of the most important considerations when making an Analyzer.
