dcweb is a dependency vulnerability scanning system that automates detection of publicly disclosed security issues in third-party libraries, primarily for Java and .NET projects.
Third-party dependency library scanning system
This tool is used to automatically or manually scan project dependencies for known vulnerabilities, helping security teams and developers identify and remediate risks in their software supply chain. It is ideal for organizations looking to integrate dependency scanning into their DevSecOps workflows or for security personnel to assist with targeted vulnerability assessments.
dcweb requires a Java runtime environment and the OWASP Dependency-Check binary to function. Docker deployment is recommended for ease of setup and portability. The tool currently runs with debug mode enabled by default, and the web interface has no authentication; authentication is planned for a future release. It is best suited for organizations with a moderate code release frequency, where security personnel can assist with analysing the scan results.
Manual installation:
1. git clone git@github.com:he1m4n6a/dcweb.git
2. pip install -r requirements.txt
3. Download the latest dependency-check binary from https://bintray.com/jeremy-long/owasp/dependency-check and place it in the dcweb/dependency-check directory.
4. Install a Java environment, for example with apt-get install default-jdk
5. Run the server with python manage.py runserver 0.0.0.0:8888

Docker installation:
1. git clone git@github.com:he1m4n6a/dcweb.git
2. cd docker-deploy
3. docker-compose build
4. docker-compose up -d
python manage.py runserver 0.0.0.0:8888
Starts the dcweb web server accessible on port 8888
docker-compose build
Builds the Docker image for dcweb
docker-compose up -d
Runs the dcweb service in detached Docker containers
Upload source code archive containing third-party dependencies and click start scan
Initiates a vulnerability scan on the uploaded project dependencies
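Once a scan has finished, the findings still have to be triaged. The following Python helper is an added example, not part of dcweb or of OWASP Dependency-Check: it ranks the vulnerabilities in a Dependency-Check JSON report worst-first and gives a CI-style pass/fail verdict above a chosen severity. It assumes the report layout dependencies[].vulnerabilities[] with name, severity and cvssv3.baseScore fields (check the field names against the report your Dependency-Check version writes); the embedded report and its CVE identifiers are constructed placeholders.

```python
import json
from collections import Counter

# Constructed sample in the shape of a Dependency-Check JSON report
# (dependencies[].vulnerabilities[] with name/severity/cvssv3.baseScore).
# The CVE identifiers are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "commons-lib-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-00001", "severity": "CRITICAL",
              "cvssv3": {"baseScore": 9.8}},
             {"name": "CVE-0000-00002", "severity": "MEDIUM",
              "cvssv3": {"baseScore": 5.3}}]},
        {"fileName": "helper.dll",
         "vulnerabilities": [
             {"name": "CVE-0000-00003", "severity": "HIGH",
              "cvssv3": {"baseScore": 7.5}}]},
        {"fileName": "clean-lib-2.1.jar"},  # no findings: key absent
    ]
})

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def triage(report_json, min_severity="HIGH"):
    """Return (findings, counts): findings at or above min_severity as
    (file, cve, severity, score) tuples sorted worst-first, plus a
    per-severity count over every finding in the report."""
    report = json.loads(report_json)
    counts = Counter()
    findings = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            sev = vuln.get("severity", "").upper()
            counts[sev] += 1
            if SEVERITY_RANK.get(sev, 0) >= SEVERITY_RANK[min_severity]:
                score = (vuln.get("cvssv3") or {}).get("baseScore")
                findings.append((dep["fileName"], vuln["name"], sev, score))
    findings.sort(key=lambda f: (-SEVERITY_RANK.get(f[2], 0), -(f[3] or 0)))
    return findings, dict(counts)

def gate(report_json, min_severity="HIGH"):
    """CI gate verdict: True only if no finding reaches min_severity."""
    findings, _ = triage(report_json, min_severity)
    return len(findings) == 0

if __name__ == "__main__":
    found, totals = triage(SAMPLE_REPORT)
    print(totals)
    for file_name, cve, sev, score in found:
        print(f"{sev:8} {score!s:5} {cve}  in {file_name}")
    print("gate passed" if gate(SAMPLE_REPORT) else "gate FAILED")
```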