Dependency Check

OWASP Dependency Check output can be imported in Xml format. This parser ingests the vulnerable dependencies and inherits the suppressions.

  • Suppressed vulnerabilities are tagged with the tag: suppressed.
  • Suppressed vulnerabilities are marked as mitigated.
  • If the suppression is missing any <notes> tag, it tags them as no_suppression_document.
  • Related vulnerable dependencies are tagged with related tag.

Sample Scan Data

Sample Dependency Check scans can be found here.

Last modified February 5, 2024: Update versions (738dca4)