owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,054 Updated last month
Alternatives and similar repositories for dep-scan:
Users who are interested in dep-scan are comparing it to the libraries listed below:
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆620 Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆822 Updated last year
- CI/CD Security Analyzer ☆643 Updated 3 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆538 Updated this week
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆840 Updated this week
- BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generato… ☆355 Updated last month
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆788 Updated last week
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆557 Updated last week
- Agile Threat Modeling Toolkit ☆642 Updated last week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆327 Updated 2 months ago
- A repo to conduct vulnerability enrichment. ☆538 Updated this week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆503 Updated 3 months ago
- Open source vulnerability DB and triage service. ☆1,664 Updated this week
- CVE Alerting Platform ☆1,878 Updated this week
- An open source threat modeling tool from OWASP ☆993 Updated this week
- A Pythonic framework for threat modeling ☆951 Updated last month
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆734 Updated last month
- Open Source Package Analysis ☆809 Updated 2 weeks ago
- Automating situational awareness for cloud penetration tests. ☆2,006 Updated 3 weeks ago
- ☆403 Updated 2 years ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,078 Updated last year
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆795 Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆502 Updated 2 months ago
- Threat matrix for CI/CD Pipeline ☆743 Updated 6 months ago
- GitHub Actions Pipeline Enumeration and Attack Tool ☆580 Updated 5 months ago
- Pen Test Report Generation and Assessment Collaboration ☆460 Updated 2 weeks ago
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆560 Updated this week
- Support CI generation of SBOMs via golang tooling. ☆419 Updated 2 weeks ago
- Global Security Database ☆315 Updated 9 months ago
- ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders. ☆682 Updated last year