jeremylong / DependencyCheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
☆6,638 Updated this week
Alternatives and similar repositories for DependencyCheck:
Users that are interested in DependencyCheck are comparing it to the libraries listed below
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,786 Updated this week
- Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more ☆24,373 Updated this week
- The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala proje… ☆2,301 Updated last month
- Vulnerability Static Analysis for Containers ☆10,452 Updated this week
- CLI tool and library for generating a Software Bill of Materials from container images and filesystems ☆6,491 Updated this week
- A vulnerability scanner for container images and filesystems ☆9,243 Updated this week
- Vulnerability scanner written in Go which uses the data provided by https://osv.dev ☆6,373 Updated this week
- Open source vulnerability DB and triage service. ☆1,583 Updated this week
- An enterprise friendly way of detecting and preventing secrets in code. ☆3,887 Updated last week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,140 Updated this week
- scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds. ☆3,740 Updated this week
- Application Security Verification Standard ☆2,804 Updated this week
- Snyk CLI scans and monitors your projects for security vulnerabilities. ☆5,006 Updated this week
- SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. ☆3,560 Updated this week
- A service that analyzes docker images and scans for vulnerabilities ☆1,587 Updated last year
- OpenSSF Scorecard - Security health metrics for Open Source ☆4,727 Updated this week
- The ZAP by Checkmarx Core project ☆12,937 Updated this week
- Code signing and transparency for containers and binaries ☆4,647 Updated this week
- Hunt for security weaknesses in Kubernetes clusters ☆4,781 Updated 9 months ago
- Find secrets with Gitleaks 🔑 ☆18,600 Updated this week
- OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web… ☆681 Updated this week
- The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in productio… ☆9,226 Updated 2 months ago
- Tfsec is now part of Trivy ☆6,746 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆822 Updated last year
- DevSecOps, ASPM, Vulnerability Management. All on one platform. ☆3,822 Updated this week
- Continuous Inspection ☆9,236 Updated this week
- The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. ☆1,677 Updated this week
- sslscan tests SSL/TLS enabled services to discover supported cipher suites ☆2,382 Updated last month
- Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices ☆11,183 Updated this week