Sometimes it's useful to quickly check whether multiple Maven projects located under one folder are using vulnerable third-party libraries:
- folderToScan
-- project1
--- pom.xml
-- project2
--- pom.xml
...
If you don't want to touch each pom.xml or integrate all the projects into a build chain, you can instead invoke every pom.xml, download all referenced jars into the respective project folders, and scan them against the NVD CVE database using the OWASP Dependency-Check CLI. From "folderToScan" call the two commands below (first the find/mvn loop, then the scan):
find . -name "pom.xml" -exec mvn dependency:copy-dependencies -DoutputDirectory=./lib -f '{}' \;
dependency-check --project "MY_SCAN_PROJECT" --scan "PATH_TO_FOLDER_TO_SCAN/**/*.jar"
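The same procedure as a small POSIX shell script, added here as an example and not part of the original post. It differs from the one-liner in three ways a practitioner usually wants: poms under target/ directories are skipped, each project's jars go to an absolute lib/ path so nothing depends on how Maven resolves a relative outputDirectory, and the scan is restricted to those lib/ folders (so built artefacts in target/ do not pollute the report) with the run failing on CVSS 7 or higher. The function names, the report output folder and the NVD_API_KEY environment variable are this example's own assumptions; mvn, dependency-check and their flags are the real tools and options.

```shell
#!/bin/sh
# Example script (not from the original post): resolve and scan third-party
# jars of every Maven project below a root folder with OWASP Dependency-Check.

# List every pom.xml below $1, skipping anything under a target/ build directory.
# Sorted so the order is deterministic.
list_poms() {
  find "$1" -type d -name target -prune -o -type f -name pom.xml -print | sort
}

# Download the runtime dependencies of one project into <project>/lib.
# Using an absolute outputDirectory avoids relying on Maven's relative-path
# resolution; includeScope=runtime leaves test-only jars out of the report.
fetch_deps() {
  pom=$1
  proj=$(dirname "$pom")
  mvn -q -B -f "$pom" dependency:copy-dependencies \
      -DincludeScope=runtime \
      -DoutputDirectory="$proj/lib"
}

# Resolve dependencies for every project, then run one Dependency-Check scan
# over all the lib/ folders. $1 = root folder, $2 = project name for the report.
# A single mvn failure is reported but does not stop the remaining projects.
scan_projects() {
  root=$(cd "$1" && pwd) || return 1
  name=$2
  list_poms "$root" | while IFS= read -r pom; do
    echo "resolving dependencies for $(dirname "$pom")"
    fetch_deps "$pom" || echo "WARN: mvn failed for $pom" >&2
  done
  # --scan takes Ant-style patterns; the quotes keep the shell from expanding it.
  # --failOnCVSS makes the script exit non-zero when a finding is >= 7.0.
  # NVD_API_KEY (assumed env var): Dependency-Check 9+ needs --nvdApiKey for
  # reliable NVD updates; it is passed only when set.
  dependency-check --project "$name" \
      --scan "$root/**/lib/*.jar" \
      --format HTML --format JSON \
      --out "$root/dependency-check-report" \
      --failOnCVSS 7 \
      ${NVD_API_KEY:+--nvdApiKey "$NVD_API_KEY"}
}

# Usage: ./scan-all.sh folderToScan MY_SCAN_PROJECT
if [ $# -ge 2 ]; then
  scan_projects "$1" "$2"
fi
```

Afterwards, dependency-check-report/dependency-check-report.json lists each finding with the jar's filePath, so a hit can be traced back to the project whose lib/ folder contains it.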