owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,158 Updated 2 weeks ago
Alternatives and similar repositories for dep-scan
Users that are interested in dep-scan are comparing it to the libraries listed below
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆850 Updated last year
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆767 Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆578 Updated 4 months ago
- Open Source Package Analysis ☆841 Updated 4 months ago
- An open source threat modeling tool from OWASP ☆1,176 Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆815 Updated 5 months ago
- Open source vulnerability DB and triage service. ☆1,966 Updated this week
- CI/CD Security Analyzer ☆668 Updated 6 months ago
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆630 Updated last week
- Agile Threat Modeling Toolkit ☆689 Updated last month
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆906 Updated this week
- SecHub provides a central API to test software with different security tools. ☆344 Updated last week
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor… ☆157 Updated this week
- Vulnerable app with examples showing how to not use secrets ☆1,346 Updated this week
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆663 Updated last month
- 🔎 Static code analysis engine to find security issues in code. ☆1,557 Updated this week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆396 Updated last week
- A Pythonic framework for threat modeling ☆1,029 Updated 2 months ago
- A repo to conduct vulnerability enrichment. ☆675 Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆536 Updated 6 months ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆756 Updated 8 months ago
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment ☆479 Updated 2 months ago
- Awesome secure by default libraries to help you eliminate bug classes! ☆699 Updated 4 months ago
- ☆535 Updated this week
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆795 Updated last week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆327 Updated this week
- OXO is a security scanning orchestrator for the modern age. ☆556 Updated 3 weeks ago
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,382 Updated this week
- ☆417 Updated 2 years ago
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,396 Updated last week