owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,184 Updated this week
Alternatives and similar repositories for dep-scan
Users who are interested in dep-scan are comparing it to the libraries listed below.
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆856 Updated 2 years ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆850 Updated last week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆592 Updated 8 months ago
- Open Source Package Analysis ☆857 Updated 7 months ago
- An open source threat modeling tool from OWASP ☆1,259 Updated this week
- CI/CD Security Analyzer ☆725 Updated 9 months ago
- Agile Threat Modeling Toolkit ☆716 Updated 3 weeks ago
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆927 Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆823 Updated 8 months ago
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆680 Updated 2 months ago
- A repo to conduct vulnerability enrichment. ☆702 Updated last week
- 🔎 Static code analysis engine to find security issues in code. ☆1,939 Updated this week
- A Pythonic framework for threat modeling ☆1,078 Updated 3 weeks ago
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆429 Updated 3 weeks ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆765 Updated last year
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆872 Updated last week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,036 Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆551 Updated 6 months ago
- SecHub provides a central API to test software with different security tools. ☆350 Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆562 Updated last month
- Open source vulnerability DB and triage service. ☆2,405 Updated this week
- Vulnerable app with examples showing how to not use secrets ☆1,375 Updated last week
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆640 Updated 2 weeks ago
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,540 Updated this week
- 💀 Don't fear the Reaper 👻 ☆705 Updated 3 weeks ago
- Awesome secure by default libraries to help you eliminate bug classes! ☆700 Updated last week
- An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRI… ☆890 Updated 2 weeks ago
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆415 Updated this week