This repo analyses your code to determine what parts of your dependencies you use, and stores this in a file which can be picked up debricked.
This, combined with our information about what parts of dependencies are affected by CVEs, allows us to determine whether you use the parts of a dependency affected by a vulnerability, or if its safe to continue using the dependency in spite of the vulnerability.
Go to common java directory: cd java/common/
Build SootWrapper: mvn clean package -X -DskipTests
You will now have jar-file in the target directory: java/common/target
.