Scanning Shaded Jar/Spring Boot application

109 views
Skip to first unread message

Andrew Pickett

unread,
Aug 2, 2018, 9:49:53 AM8/2/18
to Dependency Check
Hello, I was wondering how I can scan a shaded jar or a spring boot application (packaged as .jar). I tried --zipExtensions jar, but I can't figure out how to get it working...

Any help would be appreciated.

Jeremy Long

unread,
Aug 8, 2018, 10:00:28 AM8/8/18
to Dependency Check
Scanning a spring boot or shaded jar should be relatively simple.

> dependency-check.sh --project boot -l run.log -s /path/to/boot.jar -o .

If an error occurs, the contents of the run.log file will be helpful in figuring out what the problem is.

Note, dependency-check only supports Shaded Jars - other tools like onejar, uberjar, etc. do not appear to include enough information to identify the combined dependencies.

--Jeremy
Reply all
Reply to author
Forward
0 new messages