owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,168 Updated last month
Alternatives and similar repositories for dep-scan
Users that are interested in dep-scan are comparing it to the libraries listed below.
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆854 Updated 2 years ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆586 Updated 6 months ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆802 Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆814 Updated 6 months ago
- An open source threat modeling tool from OWASP ☆1,206 Updated 2 weeks ago
- CI/CD Security Analyzer ☆673 Updated 7 months ago
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆671 Updated 2 months ago
- Agile Threat Modeling Toolkit ☆702 Updated last month
- Open Source Package Analysis ☆848 Updated 5 months ago
- Open source vulnerability DB and triage service. ☆2,255 Updated this week
- 🔎 Static code analysis engine to find security issues in code. ☆1,735 Updated this week
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆915 Updated this week
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor… ☆183 Updated this week
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆632 Updated last week
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆839 Updated this week
- A repo to conduct vulnerability enrichment. ☆686 Updated this week
- SecHub provides a central API to test software with different security tools. ☆346 Updated this week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆993 Updated this week
- Vulnerable app with examples showing how to not use secrets ☆1,359 Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆758 Updated 10 months ago
- A Pythonic framework for threat modeling ☆1,046 Updated this week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆415 Updated last week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆548 Updated 3 weeks ago
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆1,003 Updated 6 months ago
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆382 Updated this week
- 💀 Don't fear the Reaper 👻 ☆602 Updated last month
- ☆540 Updated last week
- OSV-SCALIBR: A library for Software Composition Analysis ☆512 Updated last week
- GitHub Actions Goat: Deliberately Vulnerable GitHub Actions CI/CD Environment ☆481 Updated 3 months ago
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆381 Updated this week