Alternatives and similar repositories for DependencyCheck

Users that are interested in DependencyCheck are comparing it to the libraries listed below

• find-sec-bugs / find-sec-bugs
  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…
  ☆2,364Updated 2 months ago
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,184Updated this week
• zaproxy / zaproxy
  The ZAP by Checkmarx Core project
  ☆13,980Updated last week
• RetireJS / retire.js
  scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
  ☆3,924Updated 2 weeks ago
• DefectDojo / django-DefectDojo
  DevSecOps, ASPM, Vulnerability Management. All on one platform.
  ☆4,165Updated last week
• archerysec / archerysec
  ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
  ☆2,400Updated 2 months ago
• infobyte / faraday
  Open Source Vulnerability Management Platform
  ☆5,891Updated 3 weeks ago
• spotbugs / spotbugs
  SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
  ☆3,720Updated last week
• SonarSource / sonarqube
  Continuous Inspection
  ☆9,811Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,770Updated this week
• snyk / cli
  Snyk CLI scans and monitors your projects for security vulnerabilities.
  ☆5,205Updated last week
• anchore / grype
  A vulnerability scanner for container images and filesystems
  ☆10,449Updated last week
• oss-review-toolkit / ort
  A suite of tools to automate software compliance checks.
  ☆1,797Updated last week
• ossf / scorecard
  OpenSSF Scorecard - Security health metrics for Open Source
  ☆5,025Updated this week
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆1,958Updated this week
• flipkart-incubator / Astra
  Automated Security Testing For REST API's
  ☆2,607Updated last year
• frohoff / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,467Updated last year
• andresriancho / w3af
  w3af: web application attack and audit framework, the open source web vulnerability scanner.
  ☆4,751Updated 2 years ago
• trufflesecurity / trufflehog
  Find, verify, and analyze leaked credentials
  ☆20,191Updated last week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,587Updated 2 years ago
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆12,564Updated this week
• OWASP / API-Security
  OWASP API Security Project
  ☆2,201Updated 7 months ago
• Arachni / arachni
  Web Application Security Scanner Framework
  ☆3,940Updated 3 months ago
• anchore / syft
  CLI tool and library for generating a Software Bill of Materials from container images and filesystems
  ☆7,478Updated last week
• thoughtworks / talisman
  Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva…
  ☆2,025Updated 3 weeks ago
• rbsec / sslscan
  sslscan tests SSL/TLS enabled services to discover supported cipher suites
  ☆2,502Updated last month
• ajinabraham / nodejsscan
  nodejsscan is a static security code scanner for Node.js applications.
  ☆2,490Updated last month
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆4,209Updated 5 months ago
• WebGoat / WebGoat
  WebGoat is a deliberately insecure application
  ☆7,665Updated 2 weeks ago
• ticarpi / jwt_tool
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,035Updated 3 months ago