owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,117 Updated last week
Alternatives and similar repositories for dep-scan
Users that are interested in dep-scan are comparing it to the libraries listed below
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆842 Updated last year
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆703 Updated this week
- Code Scanning/SAST/Static Analysis/Linting using many tools/Scanners with One Report (Code, IaC) - Betterscan ☆863 Updated last week
- CI/CD Security Analyzer ☆659 Updated 3 months ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆570 Updated 2 months ago
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆518 Updated 3 months ago
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆646 Updated 2 months ago
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆809 Updated 2 months ago
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆523 Updated 2 weeks ago
- An open source threat modeling tool from OWASP ☆1,112 Updated this week
- Threat matrix for CI/CD Pipeline ☆751 Updated 10 months ago
- Open source vulnerability DB and triage service. ☆1,892 Updated this week
- A repo to conduct vulnerability enrichment. ☆640 Updated this week
- Open Source Package Analysis ☆834 Updated last month
- 🔎 Static code analysis engine to find security issues in code. ☆1,324 Updated last week
- 💀 Don't fear the Reaper 👻 ☆522 Updated 3 weeks ago
- Agile Threat Modeling Toolkit ☆667 Updated last month
- Tool for building Kubernetes attack paths ☆873 Updated 2 weeks ago
- Automating situational awareness for cloud penetration tests. ☆2,123 Updated 2 months ago
- ☆415 Updated 2 years ago
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆922 Updated this week
- Open Adversary Exposure Validation Platform ☆1,040 Updated this week
- BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generato… ☆376 Updated this week
- ☆526 Updated last week
- boostsecurityio/poutine ☆282 Updated this week
- Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. ☆1,163 Updated this week
- A Pythonic framework for threat modeling ☆1,003 Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆399 Updated this week
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆300 Updated this week
- Open-source CVE monitoring and alerting platform ☆2,021 Updated 3 weeks ago