Alternatives and similar repositories for DependencyCheck

Users that are interested in DependencyCheck are comparing it to the libraries listed below

• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,308Updated this week
• find-sec-bugs / find-sec-bugs
  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…
  ☆2,382Updated 4 months ago
• dependency-check / dependency-check-sonar-plugin
  Integrates Dependency-Check reports into SonarQube
  ☆669Updated last week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,836Updated last week
• DefectDojo / django-DefectDojo
  Open-Source Unified Vulnerability Management, DevSecOps & ASPM
  ☆4,296Updated last week
• archerysec / archerysec
  ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
  ☆2,415Updated 4 months ago
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆7,834Updated this week
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆4,279Updated 7 months ago
• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆10,861Updated last week
• OWASP / ASVS
  Application Security Verification Standard
  ☆3,213Updated last week
• greenbone / openvas-scanner
  This repository contains the scanner component for Greenbone Community Edition.
  ☆4,125Updated this week
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆2,352Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,590Updated 2 years ago
• rbsec / sslscan
  sslscan tests SSL/TLS enabled services to discover supported cipher suites
  ☆2,534Updated 2 weeks ago
• OWASP-Benchmark / BenchmarkJava
  OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web…
  ☆742Updated last week
• flipkart-incubator / Astra
  Automated Security Testing For REST API's
  ☆2,614Updated last year
• snyk / cli
  Snyk CLI scans and monitors your projects for security vulnerabilities.
  ☆5,288Updated this week
• spotbugs / spotbugs
  SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
  ☆3,763Updated this week
• blabla1337 / skf-flask
  Security Knowledge Framework (SKF) Python Flask / Angular project
  ☆824Updated last year
• cve-search / cve-search
  cve-search - a tool to perform local searches for known vulnerabilities
  ☆2,541Updated last month
• aquasecurity / trivy
  Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
  ☆29,550Updated this week
• testssl / testssl.sh
  Testing TLS/SSL encryption anywhere on any port
  ☆8,658Updated 2 weeks ago
• RetireJS / retire.js
  scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
  ☆3,985Updated last week
• OWASP / SecurityShepherd
  Web and mobile application security training platform
  ☆1,407Updated 2 weeks ago
• frohoff / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,559Updated last year
• google / osv-scanner
  Vulnerability scanner written in Go which uses the data provided by https://osv.dev
  ☆7,932Updated last week
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆13,173Updated this week
• zaproxy / zaproxy
  The ZAP by Checkmarx Core project
  ☆14,259Updated last week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,118Updated this week
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆1,217Updated this week