Getting Started (Development)
OWASP dep-scan is under very active development by AppThreat and the OWASP community. This is a comprehensive guide to contributing for developers of all experience levels.
Setting up the Development Environment
Here are the steps to download and run dep-scan.
dep-scan uses the CycloneDX/cdxgen project, so cdxgen must be installed first:
npm install -g @cyclonedx/cdxgen
You need to install any package managers used by your project on your system so that cdxgen can work with them properly.
While using cdxgen, it is a good idea to export CDXGEN_DEBUG_MODE=debug so that you can see, and then install, any package managers you might be missing for a scan.
- Clone the owasp-dep-scan/dep-scan project repository.
git clone https://github.com/owasp-dep-scan/dep-scan
cd dep-scan
- Set up and activate a Python environment of your choice. We use venv to manage our environments as an example here.
python3 -m venv venv
source venv/bin/activate
- Install the dependencies and build dep-scan.
pip install -e .
The -e flag in pip creates a local (editable) install, which means that changes made to the project can be used instantly without having to install the project again.