owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,125 Updated last week
Alternatives and similar repositories for dep-scan
Users that are interested in dep-scan are comparing it to the libraries listed below
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆846 Updated last year
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆717 Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆570 Updated 2 months ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆810 Updated 2 months ago
- CI/CD Security Analyzer ☆659 Updated 4 months ago
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆651 Updated 2 months ago
- Open Source Package Analysis ☆833 Updated 2 months ago
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,389 Updated this week
- A repo to conduct vulnerability enrichment. ☆646 Updated this week
- Open source vulnerability DB and triage service. ☆1,902 Updated last week
- An open source threat modeling tool from OWASP ☆1,127 Updated this week
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆942 Updated 3 months ago
- ☆529 Updated 3 weeks ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆749 Updated 6 months ago
- Vulnerable app with examples showing how to not use secrets ☆1,330 Updated this week
- Threat matrix for CI/CD Pipeline ☆752 Updated 11 months ago
- A Pythonic framework for threat modeling ☆1,011 Updated 3 weeks ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆929 Updated this week
- The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline. ☆940 Updated 4 months ago
- 🔎 Static code analysis engine to find security issues in code. ☆1,377 Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆532 Updated last month
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆525 Updated 4 months ago
- A list of open source web security scanners ☆1,104 Updated last month
- Agile Threat Modeling Toolkit ☆676 Updated last week
- Open-source CVE monitoring and alerting platform ☆2,036 Updated last month
- OXO is a security scanning orchestrator for the modern age. ☆552 Updated last week
- Security compliance platform - SOC2, CMMC, ASVS, ISO27001, HIPAA, NIST CSF, NIST 800-53, CSC CIS 18, PCI DSS, SSF tracking ☆566 Updated 3 weeks ago
- Tool for building Kubernetes attack paths ☆886 Updated this week
- VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, i… ☆499 Updated 3 weeks ago
- A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for … ☆1,561 Updated 10 months ago