owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as input, and the tool is ideal for integration into existing pipelines.
☆1,080 · Updated last week
Alternatives and similar repositories for dep-scan:
Users who are interested in dep-scan are comparing it to the libraries listed below.
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆837 · Updated last year
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆661 · Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆559 · Updated this week
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆856 · Updated 2 weeks ago
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆620 · Updated this week
- An open source threat modeling tool from OWASP ☆1,059 · Updated this week
- CI/CD Security Analyzer ☆655 · Updated last month
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆798 · Updated this week
- Tool for building Kubernetes attack paths ☆837 · Updated last week
- Open source vulnerability DB and triage service. ☆1,788 · Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆510 · Updated 4 months ago
- Agile Threat Modeling Toolkit ☆653 · Updated last week
- A repo to conduct vulnerability enrichment. ☆595 · Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆741 · Updated 3 months ago
- 🔎 Static code analysis engine to find security issues in code. ☆1,202 · Updated this week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆347 · Updated 4 months ago
- Automating situational awareness for cloud penetration tests. ☆2,064 · Updated 3 weeks ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆880 · Updated this week
- CVE Alerting Platform ☆1,944 · Updated this week
- Open Source Package Analysis ☆823 · Updated 3 weeks ago
- 💀 Don't fear the Reaper 👻 ☆486 · Updated this week
- Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastruct… ☆2,259 · Updated this week
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,122 · Updated last year
- Vulnerable app with examples showing how to not use secrets ☆1,293 · Updated this week
- OXO is a security scanning orchestrator for the modern age. ☆548 · Updated this week
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆929 · Updated 2 weeks ago
- BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generato… ☆358 · Updated this week
- Pen Test Report Generation and Assessment Collaboration ☆503 · Updated 2 weeks ago