Questions about the technology behind CodeShield
CodeShield creates a unique fingerprint of each JAR file and the classes it contains. This fingerprint is resilient to modifications, e.g., re-compilation and re-packaging, and can therefore also identify modified code.
The risk evaluation computes a confidence value, which provides full transparency for the results.
CodeShield integrates with Visual Studio Code, IntelliJ, Jenkins, DependencyTrack and DefectDojo. We are working on further integrations for GitLab, GitHub, Eclipse, and many more.
CodeShield integrates into the Maven lifecycle and only requires a few milliseconds per dependency.
CodeShield analyzes the bytecode of each dependency and does not solely rely on metadata, e.g., filenames or version ranges.
If you haven't found the answer to your question, please feel free to contact us; we will be happy to help you.