dependency-check / DependencyCheckLinks
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
☆7,328Updated this week
Alternatives and similar repositories for DependencyCheck
Users that are interested in DependencyCheck are comparing it to the libraries listed below
Sorting:
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…☆3,428Updated this week
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje…☆2,395Updated 5 months ago
- SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.☆3,782Updated this week
- Integrates Dependency-Check reports into SonarQube☆675Updated last month
- The ZAP by Checkmarx Core project☆14,472Updated this week
- scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.☆4,025Updated this week
- Web Application Security Scanner Framework☆3,968Updated 6 months ago
- Vulnerability Static Analysis for Containers☆10,877Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems☆8,027Updated this week
- WebGoat is a deliberately insecure application☆8,724Updated 2 weeks ago
- A suite of tools to automate software compliance checks.☆1,872Updated this week
- Open-Source Unified Vulnerability Management, DevSecOps & ASPM☆4,372Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev☆8,127Updated this week
- Open source vulnerability DB and triage service.☆2,394Updated last week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more☆30,274Updated this week
- Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.☆13,506Updated last week
- Application Security Verification Standard☆3,249Updated 3 weeks ago
- ASOC, ASPM, DevSecOps, Vulnerability Management Using ArcherySec.☆2,421Updated 5 months ago
- Using a pre-commit hook, Talisman validates the outgoing changeset for things that look suspicious — such as tokens, passwords, and priva…☆2,050Updated last week
- A vulnerability scanner for container images and filesystems☆11,088Updated this week
- Snyk CLI scans and monitors your projects for security vulnerabilities.☆5,340Updated this week
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆8,620Updated last year
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.☆1,030Updated last week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci…☆856Updated 2 years ago
- nodejsscan is a static security code scanner for Node.js applications.☆2,532Updated last month
- An enterprise friendly way of detecting and preventing secrets in code.☆4,324Updated 8 months ago
- Find, verify, and analyze leaked credentials☆23,660Updated this week
- This repository contains the scanner component for Greenbone Community Edition.☆4,258Updated last week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…☆2,534Updated this week
- Open Source Vulnerability Management Platform☆6,049Updated this week