owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool that checks project dependencies against known vulnerabilities, advisories, and license limitations. It accepts both local repositories and container images as input and is designed for integration into other tooling.
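How an audit of the kind dep-scan performs fits together, as an added example that is not dep-scan's own code: a CycloneDX SBOM (the format cdxgen emits) is parsed, each component's purl is split into coordinates and version, the coordinates are matched against an advisory feed with OSV-style half-open `[introduced, fixed)` ranges, and declared SPDX licenses are checked against a deny-list. The SBOM, the `EXAMPLE-*` advisory IDs, the feed layout and the `DENIED_LICENSES` set are constructed for this illustration; the dotted-numeric version comparator is a deliberate simplification of the ecosystem-aware comparison a real scanner uses.

```python
"""Minimal dependency audit in the style of dep-scan (added illustration,
not the project's own code): match CycloneDX components against a
vulnerability feed and a license deny-list.

The SBOM, the EXAMPLE-* advisory IDs, the feed layout and the denied
license set below are constructed for this example.
"""
import json
from urllib.parse import unquote

# Constructed CycloneDX 1.5 document shaped like cdxgen output; not real project data.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.15",
     "purl": "pkg:npm/lodash@4.17.15",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "core", "version": "2.1.0",
     "purl": "pkg:npm/%40acme/core@2.1.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "jackson-databind", "version": "2.13.4",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4",
     "licenses": [{"license": {"id": "Apache-2.0"}}]}
  ]
}
"""

# Constructed advisory feed (hypothetical IDs). Each range is half-open,
# OSV style: a version is affected if introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "pkg:npm/lodash",
     "ranges": [{"introduced": "0", "fixed": "4.17.21"}]},
    {"id": "EXAMPLE-2024-0002", "package": "pkg:npm/@acme/core",
     "ranges": [{"introduced": "2.0.0", "fixed": "2.0.5"}]},
    {"id": "EXAMPLE-2024-0003",
     "package": "pkg:maven/com.fasterxml.jackson.core/jackson-databind",
     "ranges": [{"introduced": "2.13.0", "fixed": "2.13.5"}]},
]

# Constructed policy: SPDX identifiers this project refuses to ship.
DENIED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


def split_purl(purl):
    """Split a purl into (coordinates, version).

    Qualifiers (?...) and subpaths (#...) are dropped, and percent-encoded
    namespaces such as %40scope are decoded so the coordinates can be
    compared with the plain 'pkg:npm/@scope/name' form used by the feed.
    """
    head = purl.split("?", 1)[0].split("#", 1)[0]
    coords, sep, version = head.rpartition("@")
    if not sep:                      # no version in the purl
        return unquote(head), None
    return unquote(coords), version


def version_key(version):
    """Order dotted numeric versions (4.17.15 < 4.17.21), padded so 2.1 == 2.1.0.

    Simplification: pre-release tags and ecosystem rules (semver, PEP 440,
    Maven) are ignored; a real scanner uses per-ecosystem comparators.
    """
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts + [0] * (4 - len(parts)))


def in_range(version, rng):
    """True if version lies in [introduced, fixed); a missing 'fixed' is open-ended."""
    v = version_key(version)
    if v < version_key(rng.get("introduced", "0")):
        return False
    fixed = rng.get("fixed")
    return fixed is None or v < version_key(fixed)


def audit(sbom_json, advisories, denied_licenses):
    """Return one finding dict per matched advisory or denied license."""
    sbom = json.loads(sbom_json)
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv["package"], []).append(adv)

    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue                 # nothing to match on without a purl
        coords, version = split_purl(purl)
        for adv in by_package.get(coords, []):
            if version is None:
                # Unversioned component: cannot prove it is safe, so report it for triage.
                findings.append({"purl": purl, "kind": "vuln", "id": adv["id"], "fixed": None})
                continue
            hit = next((r for r in adv["ranges"] if in_range(version, r)), None)
            if hit is not None:
                findings.append({"purl": purl, "kind": "vuln", "id": adv["id"],
                                 "fixed": hit.get("fixed")})
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {}).get("id")
            if lic in denied_licenses:
                findings.append({"purl": purl, "kind": "license", "id": lic, "fixed": None})
    return findings


if __name__ == "__main__":
    for f in audit(SBOM_JSON, ADVISORIES, DENIED_LICENSES):
        print(f"{f['kind']:7} {f['purl']}  {f['id']}"
              + (f"  fix: upgrade to {f['fixed']}" if f["fixed"] else ""))
```

Two details matter in practice: the `@acme/core` component is not flagged for `EXAMPLE-2024-0002` because 2.1.0 sits at or above the fixed version, which is what the half-open range is for, and a component whose purl carries no version is reported for manual triage rather than silently treated as clean.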
Alternatives and similar repositories for dep-scan
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager…
- Scan is a free & open source DevSecOps tool for performing static analysis based security testing of your applications and their dependenci…
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
- An open source threat modeling tool from OWASP
- Open Source Package Analysis
- CI/CD Security Analyzer
- 🔎 Static code analysis engine to find security issues in code.
- Agile Threat Modeling Toolkit
- secureCodeBox (SCB) - continuous secure delivery out of the box
- Open source vulnerability DB and triage service.
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre…
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions.
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct…
- BLint is a Binary Linter to check the security properties and capabilities in your executables. Since v2, blint is also an SBOM generato…
- GuardDog is a CLI tool to identify malicious PyPI and npm packages
- SecHub provides a central API to test software with different security tools.
- Vulnerable app with examples showing how not to use secrets
- A free and open vulnerabilities database and the packages they impact, and the tools to aggregate and correlate these vulnerabilities. Sp…
- A Pythonic framework for threat modeling
- A repo to conduct vulnerability enrichment.
- GUAC aggregates software security metadata into a high fidelity graph database.
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles
- Open-source CVE monitoring and alerting platform
- 💀 Don't fear the Reaper 👻
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…
- Awesome secure by default libraries to help you eliminate bug classes!