owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,183 Updated this week
Alternatives and similar repositories for dep-scan
Users who are interested in dep-scan are comparing it to the libraries listed below.
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆827 Updated this week
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆590 Updated 7 months ago
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆854 Updated 2 years ago
- Open Source Package Analysis ☆857 Updated 7 months ago
- Agile Threat Modeling Toolkit ☆711 Updated this week
- An open source threat modeling tool from OWASP ☆1,239 Updated last week
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆921 Updated this week
- CI/CD Security Analyzer ☆718 Updated 8 months ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆818 Updated 7 months ago
- A repo to conduct vulnerability enrichment. ☆696 Updated last week
- 🔎 Static code analysis engine to find security issues in code. ☆1,872 Updated this week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,019 Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆763 Updated 11 months ago
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆679 Updated last month
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆858 Updated 3 weeks ago
- Open source vulnerability DB and triage service. ☆2,373 Updated this week
- A Pythonic framework for threat modeling ☆1,067 Updated this week
- SecHub provides a central API to test software with different security tools. ☆349 Updated this week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆425 Updated last week
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆639 Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆401 Updated last week
- Vulnerability Intelligence Platform ☆2,316 Updated last week
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor… ☆190 Updated last week
- Global Security Database ☆315 Updated last year
- 💀 Don't fear the Reaper 👻 ☆696 Updated last week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆545 Updated 6 months ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆557 Updated 3 weeks ago
- GUAC aggregates software security metadata into a high fidelity graph database. ☆1,418 Updated last week
- blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-o… ☆418 Updated last week
- An AI-powered threat modeling tool that leverages OpenAI's GPT models to generate threat models for a given application based on the STRI… ☆871 Updated this week