owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,111 Updated this week
Alternatives and similar repositories for dep-scan
Users who are interested in dep-scan are comparing it to the libraries listed below.
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆840 Updated last year
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆859 Updated 2 months ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆694 Updated this week
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆641 Updated last month
- Open Source Package Analysis ☆833 Updated last month
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆566 Updated last month
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆803 Updated last month
- Agile Threat Modeling Toolkit ☆665 Updated 3 weeks ago
- An open source threat modeling tool from OWASP ☆1,098 Updated last week
- Open-source CVE monitoring and alerting platform ☆1,993 Updated last week
- The OWASP DevSecOps Guideline can help us embed security as a part of the development pipeline. ☆927 Updated 2 months ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆515 Updated 2 months ago
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆579 Updated this week
- ☆524 Updated last week
- CI/CD Security Analyzer ☆657 Updated 2 months ago
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,140 Updated last year
- Automating situational awareness for cloud penetration tests. ☆2,104 Updated 2 months ago
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆272 Updated this week
- A repo to conduct vulnerability enrichment. ☆630 Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit… ☆309 Updated this week
- A Pythonic framework for threat modeling ☆996 Updated 2 months ago
- 🔎 Static code analysis engine to find security issues in code. ☆1,286 Updated this week
- 💀 Don't fear the Reaper 👻 ☆512 Updated this week
- Vulnerable app with examples showing how to not use secrets ☆1,310 Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆747 Updated 5 months ago
- Open source vulnerability DB and triage service. ☆1,861 Updated this week
- boostsecurityio/poutine ☆267 Updated last week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆520 Updated 6 months ago
- Tool for building Kubernetes attack paths ☆861 Updated last week
- Code security scanning tool (SAST) to discover, filter and prioritize security and privacy risks. ☆2,289 Updated this week