Scanning Shaded Jar/Spring Boot application

[Andrew Pickett]

Hello, I was wondering how I can scan a shaded jar or a spring boot application (packaged as .jar). I tried --zipExtensions jar, but I can't figure out how to get it working...

Any help would be appreciated.

[Jeremy Long]

Scanning a spring boot or shaded jar should be relatively simple.

> dependency-check.sh --project boot -l run.log -s /path/to/boot.jar -o .

If an error occurs, the contents of the run.log file will be helpful in figuring out what the problem is.

Note, dependency-check only supports Shaded Jars - other tools like onejar, uberjar, etc. do not appear to include enough information to identify the combined dependencies.

--Jeremy