owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,095, updated this week
Alternatives and similar repositories for dep-scan:
Users who are interested in dep-scan are comparing it to the libraries listed below:
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… (☆681, updated this week)
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… (☆838, updated last year)
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan (☆859, updated last month)
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities (☆563, updated 3 weeks ago)
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles (☆514, updated 5 months ago)
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. (☆353, updated 5 months ago)
- Open Source Package Analysis (☆829, updated last week)
- An open source threat modeling tool from OWASP (☆1,083, updated this week)
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… (☆635, updated 3 weeks ago)
- CI/CD Security Analyzer (☆655, updated 2 months ago)
- Agile Threat Modeling Toolkit (☆659, updated 2 weeks ago)
- Open source vulnerability DB and triage service. (☆1,830, updated this week)
- Tool for building Kubernetes attack paths (☆853, updated last week)
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… (☆746, updated 4 months ago)
- A Pythonic framework for threat modeling (☆988, updated 2 months ago)
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets (☆801, updated 3 weeks ago)
- Open-source CVE monitoring and alerting platform (☆1,975, updated 2 weeks ago)
- Vulnerable app with examples showing how to not use secrets (☆1,299, updated this week)
- Support CI generation of SBOMs via golang tooling. (☆423, updated 3 months ago)
- 🔎 Static code analysis engine to find security issues in code. (☆1,250, updated this week)
- secureCodeBox (SCB) - continuous secure delivery out of the box (☆882, updated this week)
- Automating situational awareness for cloud penetration tests. (☆2,081, updated last month)
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. (☆935, updated last month)
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… (☆2,986, updated last week)
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… (☆572, updated last week)
- BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generato… (☆360, updated this week)
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… (☆304, updated this week)
- An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRI… (☆700, updated last month)