DependencyCheckGUI is a graphical user interface (GUI) for running OWASP Dependency-Check command-line tools.
It simplifies vulnerability scanning of software dependencies with an easy-to-use interface, additional CVE tools, and report management features.
⚡ Built with Python (PyQt5) for a modern and optimized experience.
- 📥 Download and install the latest or specific versions of Dependency-Check.
- 🔄 Check the installed version of Dependency-Check.
- 🗑 Purge outdated NVD (National Vulnerability Database) data.
- 🔑 Set NVD API Key directly in the app for faster and more reliable CVE lookups.
- 📁 Browse Folder: Scan entire project folders.
- 📄 Browse Files: Select individual files (`.jar`, `.exe`, `.zip`, etc.).
- 🏷 Define a project name for reports and logs.
- 📊 Automatically organizes report filenames based on project name.
- ▶️ Run scans on selected files/folders.
- 📜 Real-time logs shown in a scrollable text field.
- 🔑 API key support for enhanced NVD data retrieval.
- 📝 CVE Details: Enter single or multiple CVE IDs (comma-separated) to fetch details.
- ☕ Jar Vulnerability Finder: Select a JAR file and fetch reported CVEs.
- ⬇️ Automatically download the latest Dependency-Check.
- 📊 Progress bar for downloads and extraction.
The GUI now contains three main menus:
- 📑 Open Reports Folder
- 📑 Open Logs Folder
- 🔑 Preferences → Set NVD API Key
- 🗑 Options → Purge NVD Data
- ❌ Exit
- 📝 CVE Details
- ☕ Jar Vulnerability Finder
- 🔎 Check Version of DC Tools
- ⬆️ Update DC Tools to Latest Version
- ℹ️ About
- 📦 Windows Installer (Recommended):
  Download the installer from the Releases section.
  Run the installer to set up the application (no administrator rights required).
- ⚡ Portable Executable:
  - Before v1.2: A single `.exe` portable file was provided that could be run directly.
  - Since v1.2: The portable release is distributed as a `.zip` archive.
    Extract the archive and run the included `.exe` file to launch the application.
```bash
git clone https://github.com/your-username/DependencyCheckGUI.git
cd DependencyCheckGUI
pip install -r requirements.txt
python DependencyCheckGUI.py
```
- 🧩 Uses OWASP Dependency-Check (`dependency-check.bat`) to perform scans.
- 📥 Downloads and updates Dependency-Check automatically if missing.
- 🔑 Stores and uses your NVD API key for faster, reliable results.
- ☕ Includes a JAR CVE Finder and CVE ID Lookup tools.
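
An added example (not DependencyCheckGUI's own code) of how a front end like this can assemble the `dependency-check.bat` call: it derives a safe report folder from the project name, passes arguments as a list, and masks the NVD API key before the command reaches the log pane. The function names and sample values are assumptions made for this example; the flags are Dependency-Check CLI options.

```python
import re
from pathlib import Path

_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")

def safe_project_name(name: str) -> str:
    """Reduce a user-supplied project name to characters that are safe in a
    folder name and in an argument to a .bat file (cmd.exe re-parses those)."""
    cleaned = _UNSAFE.sub("_", name.strip()).strip("._")
    if not cleaned:
        raise ValueError("project name is empty after sanitising")
    return cleaned[:64]

def build_scan_command(dc_script, project, targets, reports_dir, api_key=None):
    """Return (argv, report_dir) for one Dependency-Check scan."""
    name = safe_project_name(project)
    out_dir = Path(reports_dir) / name
    argv = [str(dc_script), "--project", name,
            "--format", "HTML", "--out", str(out_dir)]
    for target in targets:
        argv += ["--scan", str(target)]
    if api_key:
        argv += ["--nvdApiKey", api_key]
    return argv, out_dir

def redact_for_log(argv):
    """Copy of argv with the value after --nvdApiKey masked, for display."""
    shown, mask_next = [], False
    for arg in argv:
        shown.append("********" if mask_next else arg)
        mask_next = (arg == "--nvdApiKey")
    return shown

if __name__ == "__main__":
    # Constructed sample values; the key is a placeholder, not a real one.
    argv, out_dir = build_scan_command(
        "dependency-check.bat", "My App & co", ["libs/app.jar"], "reports",
        api_key="EXAMPLE-KEY-0000")
    print(" ".join(redact_for_log(argv)))
    # Launch with subprocess.Popen(argv, stdout=PIPE, stderr=STDOUT, text=True):
    # an argument list, never a shell string built from user input.
```

The key still appears in the child process's command line, so anything that records process arguments on the host will see it; only the GUI log output is masked here.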
- ☕ Java 11+
- 🌐 Internet access for Dependency-Check and CVE data
- `pyqt5`
- `requests`
- `subprocess`
- `shutil`, `os`
- `zipfile`
- `threading`
Install all with:
```bash
pip install -r requirements.txt
```
- ❌ Dependency-Check not found → Program will prompt to download.
- 🔑 NVD API issues → Ensure valid API key is set in Preferences.
- 🌐 Network errors → Verify internet connectivity.
- 🗑 No NVD data to purge → Tool will notify if purge isn’t needed.
Licensed under the MIT License. See the LICENSE file.
- PyQt5 – GUI Framework
- Requests – For downloads & API calls
- GitHub API – To fetch DC versions
- Python – Cross-platform base
- OWASP Dependency-Check – For scanning dependencies for known vulnerabilities.
- Solr Search API – For indexing and searching project or CVE data.
- NVD API (National Vulnerability Database) – To fetch detailed CVE information for dependencies.
We appreciate the work of these open-source communities for providing invaluable tools and data.
✨ A simple yet powerful GUI to supercharge your OWASP Dependency-Check workflows! 🚀