owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,199, updated this week
Alternatives and similar repositories for dep-scan
Users who are interested in dep-scan are comparing it to the repositories listed below.
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆862, updated 2 years ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆883, updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆596, updated 9 months ago
- Open Source Package Analysis ☆862, updated 9 months ago
- CI/CD Security Analyzer ☆728, updated 11 months ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆827, updated 9 months ago
- An open source threat modeling tool from OWASP ☆1,292, updated this week
- Agile Threat Modeling Toolkit ☆720, updated 2 months ago
- 🔎 Static code analysis engine to find security issues in code. ☆2,036, updated last week
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆941, updated this week
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆682, updated 2 weeks ago
- Open source vulnerability DB and triage service. ☆2,462, updated this week
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆642, updated this week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,064, updated this week
- A Pythonic framework for threat modeling ☆1,090, updated 2 weeks ago
- SecHub provides a central API to test software with different security tools. ☆356, updated 2 weeks ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆447, updated last month
- Vulnerable app with examples showing how to not use secrets ☆1,390, updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆767, updated last year
- GuardDog is a CLI tool to identify malicious PyPI and npm packages ☆959, updated this week
- A repo to conduct vulnerability enrichment. ☆716, updated this week
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆441, updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆438, updated this week
- Vulnerability Intelligence Platform ☆2,431, updated last week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆564, updated 2 months ago
- The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline. ☆1,011, updated 3 weeks ago
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,530, updated last week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,559, updated this week