owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,021 Updated this week
Related projects
Alternatives and complementary repositories for dep-scan
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆808 Updated last year
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆516 Updated this week
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆584 Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆775 Updated last week
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆818 Updated this week
- CI/CD Security Analyzer ☆626 Updated last month
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆534 Updated 2 weeks ago
- Open Source Package Analysis ☆734 Updated 3 weeks ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,049 Updated 9 months ago
- Vulnerable app with examples showing how to not use secrets ☆1,236 Updated this week
- OXO is a security scanning orchestrator for the modern age. ☆529 Updated last week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆314 Updated 3 weeks ago
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,291 Updated this week
- GitHub Actions Pipeline Enumeration and Attack Tool ☆569 Updated 3 months ago
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆485 Updated 2 weeks ago
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆879 Updated this week
- A repo to conduct vulnerability enrichment. ☆484 Updated this week
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆784 Updated this week
- Semgrep rules registry ☆809 Updated this week
- Navigate the CVE jungle with ease. ☆1,772 Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆729 Updated 4 months ago
- BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generato… ☆343 Updated 2 weeks ago
- open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. Th… ☆917 Updated last week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆492 Updated 3 weeks ago
- Open source vulnerability DB and triage service. ☆1,540 Updated this week
- Pen Test Report Generation and Assessment Collaboration ☆444 Updated last week
- A tool to automatically build a dependency graph and Software Bill of Materials (SBOM) for packages and arbitrary source code repositorie… ☆331 Updated 8 months ago
- Tool for building Kubernetes attack paths ☆788 Updated this week
- The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline. ☆848 Updated 4 months ago
- A list of open source web security scanners ☆958 Updated last month