owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,068 · Updated this week
Alternatives and similar repositories for dep-scan:
Users that are interested in dep-scan are comparing it to the libraries listed below
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆640 · Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆828 · Updated last year
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆847 · Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆546 · Updated this week
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆564 · Updated 2 weeks ago
- CI/CD Security Analyzer ☆652 · Updated last week
- Agile Threat Modeling Toolkit ☆646 · Updated 2 weeks ago
- open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. Th… ☆1,097 · Updated this week
- ☆517 · Updated this week
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,333 · Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆795 · Updated last month
- A repo to conduct vulnerability enrichment. ☆577 · Updated this week
- Tool for building Kubernetes attack paths ☆822 · Updated this week
- Open source vulnerability DB and triage service. ☆1,750 · Updated this week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆337 · Updated 3 months ago
- Automating situational awareness for cloud penetration tests. ☆2,040 · Updated 2 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆292 · Updated this week
- ☆404 · Updated 2 years ago
- Semgrep rules registry ☆866 · Updated this week
- Open Source Package Analysis ☆820 · Updated last month
- Pen Test Report Generation and Assessment Collaboration ☆468 · Updated this week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,898 · Updated this week
- Navigate the CVE jungle with ease. ☆1,863 · Updated last week
- 🔎 Static code analysis engine to find security issues in code. ☆1,056 · Updated 2 weeks ago
- The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline. ☆888 · Updated last week
- boostsecurityio/poutine ☆256 · Updated this week
- A list of open source web security scanners ☆1,013 · Updated 5 months ago
- Vulnerable app with examples showing how to not use secrets ☆1,277 · Updated this week
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,099 · Updated last year
- 💀 Don't fear the Reaper 👻 ☆468 · Updated this week