Alternatives and similar repositories for DependencyCheck

Users that are interested in DependencyCheck are comparing it to the libraries listed below

• find-sec-bugs / find-sec-bugs
  The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…
  ☆2,408Updated 7 months ago
• DependencyTrack / dependency-track
  Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
  ☆3,559Updated last week
• spotbugs / spotbugs
  SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
  ☆3,818Updated this week
• DefectDojo / django-DefectDojo
  Open-Source Unified Vulnerability Management, DevSecOps & ASPM
  ☆4,477Updated this week
• OWASP / Top10
  Official OWASP Top 10 Document Repository
  ☆5,219Updated last month
• snyk / cli
  Snyk CLI scans and monitors your projects for security vulnerabilities.
  ☆5,407Updated this week
• quay / clair
  Vulnerability Static Analysis for Containers
  ☆10,913Updated last week
• infobyte / faraday
  Open Source Vulnerability Management Platform
  ☆6,236Updated last week
• google / osv.dev
  Open source vulnerability DB and triage service.
  ☆2,468Updated this week
• archerysec / archerysec
  ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.
  ☆2,435Updated 7 months ago
• ajinabraham / nodejsscan
  nodejsscan is a static security code scanner for Node.js applications.
  ☆2,542Updated 3 months ago
• OWASP / SecurityShepherd
  Web and mobile application security training platform
  ☆1,422Updated 3 months ago
• flipkart-incubator / Astra
  Automated Security Testing For REST API's
  ☆2,634Updated last year
• michenriksen / gitrob
  Reconnaissance tool for GitHub organizations
  ☆6,133Updated 3 years ago
• andresriancho / w3af
  w3af: web application attack and audit framework, the open source web vulnerability scanner.
  ☆4,850Updated 2 years ago
• SonarSource / sonarqube
  Continuous Inspection
  ☆10,200Updated last week
• thoughtworks / talisman
  Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva…
  ☆2,062Updated this week
• ticarpi / jwt_tool
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,339Updated 9 months ago
• xmendez / wfuzz
  Web application fuzzer
  ☆6,397Updated 2 weeks ago
• projectdiscovery / nuclei
  Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabl…
  ☆26,889Updated this week
• OWASP / threat-dragon
  An open source threat modeling tool from OWASP
  ☆1,301Updated last week
• Yelp / detect-secrets
  An enterprise friendly way of detecting and preventing secrets in code.
  ☆4,412Updated 10 months ago
• RetireJS / retire.js
  scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
  ☆4,063Updated last week
• frohoff / ysoserial
  A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
  ☆8,722Updated 2 months ago
• semgrep / semgrep
  Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
  ☆14,010Updated last week
• zaproxy / zaproxy
  The ZAP by Checkmarx Core project
  ☆14,683Updated last week
• mbechler / marshalsec
  ☆3,658Updated last year
• OWASP / ASVS
  Application Security Verification Standard
  ☆3,326Updated this week
• anchore / anchore-engine
  A service that analyzes docker images and scans for vulnerabilities
  ☆1,593Updated 3 years ago
• gitleaks / gitleaks
  Find secrets with Gitleaks 🔑
  ☆24,786Updated 3 weeks ago