owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool that checks project dependencies against known vulnerabilities, advisories, and license limitations. Both local repositories and container images are supported as input, and the tool is designed for CI integration. Google chat: https://chat.google.com/room/AAAA6l2dO60?cls=7
☆1,013 · Updated this week
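One thing a practitioner wants from a scanner "designed for CI integration" is a build breaker that reads the scanner's report and fails the job on policy. The block below is an added example, not dep-scan's own code and not from this listing. It assumes the report is a CycloneDX 1.5 VDR (a BOM with a top-level `vulnerabilities` array, each entry carrying `ratings`, `affects` and an optional `analysis` block), such as the `depscan-bom.vdr.json` that `depscan --src . --reports-dir reports` writes; the file name, the invocation, the threshold policy, the `TRIAGED_STATES` choice and the embedded sample are all assumptions, and the ids and purls in the sample are constructed placeholders, not real advisories or packages. The gate goes slightly beyond a plain severity check: it takes the worst of several ratings (a VDR may carry one per source) and honours CycloneDX `analysis.state` so that findings triaged as not affected do not block the build.

```python
"""CI gate over a CycloneDX VDR such as the one dep-scan writes.

Added example (not dep-scan's code). Assumptions: CycloneDX 1.5 VDR layout,
the report path passed on the command line, and the policy below.
"""
import json
import sys
from collections import Counter

# CycloneDX severity vocabulary, ranked so a threshold can be compared.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1,
                 "info": 0, "none": 0, "unknown": 0}
# CycloneDX analysis states we treat as "triaged, do not block" (policy choice).
TRIAGED_STATES = {"not_affected", "false_positive", "resolved"}

# Constructed sample VDR, trimmed to the fields the gate reads.
# Ids and purls are placeholders, not real advisories or packages.
SAMPLE_VDR = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "vulnerabilities": [
        {"id": "EXAMPLE-0001",
         "ratings": [{"severity": "high", "method": "CVSSv31", "score": 8.1},
                     {"severity": "critical", "method": "other"}],
         "affects": [{"ref": "pkg:npm/example-lib@1.0.0"}]},
        {"id": "EXAMPLE-0002",
         "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "pkg:pypi/example-pkg@2.0.0"}]},
        {"id": "EXAMPLE-0003",
         "ratings": [{"severity": "high"}],
         "analysis": {"state": "not_affected",
                      "justification": "code_not_reachable"},
         "affects": [{"ref": "pkg:maven/org.example/example-core@3.1.0"}]},
        {"id": "EXAMPLE-0004",
         "ratings": [],  # no rating at all: reported as "unknown"
         "affects": [{"ref": "pkg:golang/example.org/mod@0.4.0"}]},
    ],
}


def max_severity(vuln):
    """Worst severity across all ratings; a VDR may carry one per source."""
    sevs = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])]
    if not sevs:
        return "unknown"
    return max(sevs, key=lambda s: SEVERITY_RANK.get(s, 0))


def triage(vdr, fail_on="high"):
    """Split findings into blocking, suppressed (triaged) and below-threshold.

    Returns {"counts": {severity: n}, "blocking": [(id, purl)], "suppressed": [id]}.
    """
    threshold = SEVERITY_RANK[fail_on]
    counts = Counter()
    blocking, suppressed = [], []
    for vuln in vdr.get("vulnerabilities", []):
        sev = max_severity(vuln)
        counts[sev] += 1
        if vuln.get("analysis", {}).get("state") in TRIAGED_STATES:
            suppressed.append(vuln["id"])
            continue
        if SEVERITY_RANK.get(sev, 0) >= threshold:
            for hit in vuln.get("affects", []):
                blocking.append((vuln["id"], hit.get("ref", "?")))
    return {"counts": dict(counts), "blocking": blocking, "suppressed": suppressed}


def gate(vdr, fail_on="high"):
    """Return the exit code a CI step should use: 0 = pass, 1 = block."""
    result = triage(vdr, fail_on)
    for vuln_id, ref in result["blocking"]:
        print(f"BLOCK {vuln_id} affects {ref}")
    for vuln_id in result["suppressed"]:
        print(f"SUPPRESSED {vuln_id} (triaged in VDR analysis)")
    print("severity counts:", result["counts"])
    return 1 if result["blocking"] else 0


def load_vdr(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: python gate.py reports/depscan-bom.vdr.json [fail_on]
    report = load_vdr(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_VDR
    level = sys.argv[2] if len(sys.argv) > 2 else "high"
    sys.exit(gate(report, level))
```

Run against the sample, the gate blocks on EXAMPLE-0001 (its worst rating is critical), lets EXAMPLE-0002 through at the default "high" threshold, skips EXAMPLE-0003 because the VDR marks it not affected, and counts the unrated EXAMPLE-0004 as "unknown" without blocking on it; a finding with no rating is worth surfacing in the summary rather than silently passing, which is why it is counted separately.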
Related projects
Alternatives and complementary repositories for dep-scan
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆578 · Updated this week
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and their dependenci… ☆805 · Updated last year
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆509 · Updated this week
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆811 · Updated this week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆769 · Updated this week
- An open source threat modeling tool from OWASP ☆930 · Updated this week
- A Pythonic framework for threat modeling ☆917 · Updated 3 months ago
- CI/CD Security Analyzer ☆622 · Updated 2 weeks ago
- Open Source Package Analysis ☆730 · Updated last week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆312 · Updated 2 weeks ago
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆726 · Updated 3 months ago
- Agile Threat Modeling Toolkit ☆614 · Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆480 · Updated last month
- GitHub Actions Pipeline Enumeration and Attack Tool ☆567 · Updated 2 months ago
- A list of open source web security scanners ☆947 · Updated last month
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,041 · Updated 9 months ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆486 · Updated last week
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆862 · Updated 2 weeks ago
- Semgrep rules registry ☆804 · Updated this week
- BLint is a Binary Linter to check the security properties and capabilities in your executables. Since v2, blint is also an SBOM generato… ☆341 · Updated this week
- Tool for building Kubernetes attack paths ☆772 · Updated 2 weeks ago
- The OWASP DevSecOps Guideline can help us embed security as part of the development pipeline. ☆846 · Updated 3 months ago
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆2,690 · Updated this week
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆781 · Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆363 · Updated this week
- CVE Alerting Platform ☆1,806 · Updated this week
- Navigate the CVE jungle with ease. ☆1,745 · Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆247 · Updated this week