owasp-dep-scan / dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
☆1,176 · Updated 3 weeks ago
Alternatives and similar repositories for dep-scan
Users that are interested in dep-scan are comparing it to the libraries listed below
- Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependenci… ☆852 · Updated 2 years ago
- Scans Software Bill of Materials (SBOMs) for security vulnerabilities ☆589 · Updated 7 months ago
- Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package manager… ☆808 · Updated last week
- Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets ☆815 · Updated 7 months ago
- CI/CD Security Analyzer ☆675 · Updated 8 months ago
- Open Source Package Analysis ☆855 · Updated 6 months ago
- An open source threat modeling tool from OWASP ☆1,217 · Updated last week
- Streamline vulnerability patching with CVSS, EPSS, and CISA's Known Exploited Vulnerabilities. Prioritize actions based on real-time thre… ☆677 · Updated 3 weeks ago
- Open source vulnerability DB and triage service. ☆2,352 · Updated this week
- secureCodeBox (SCB) - continuous secure delivery out of the box ☆918 · Updated this week
- 🔎 Static code analysis engine to find security issues in code. ☆1,794 · Updated this week
- Agile Threat Modeling Toolkit ☆706 · Updated 2 months ago
- SecHub provides a central API to test software with different security tools. ☆347 · Updated this week
- Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License. ☆1,006 · Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆763 · Updated 10 months ago
- A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sp… ☆635 · Updated last week
- CycloneDX CLI tool for SBOM analysis, merging, diffs and format conversions. ☆420 · Updated 2 weeks ago
- A repo to conduct vulnerability enrichment. ☆690 · Updated this week
- A Pythonic framework for threat modeling ☆1,056 · Updated last week
- Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp… ☆3,308 · Updated last week
- GuardDog is a CLI tool to Identify malicious PyPI and npm packages ☆845 · Updated last week
- 💀 Don't fear the Reaper 👻 ☆640 · Updated last week
- Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021. ☆554 · Updated last month
- (no description) ☆543 · Updated last week
- SecObserve is an open source vulnerability and license management system for software development teams and cloud environments. It suppor… ☆189 · Updated this week
- Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streaml… ☆394 · Updated this week
- A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles ☆544 · Updated 5 months ago
- blint is a Binary Linter that checks the security properties and capabilities of your executables. It can also generate a Software Bill-o… ☆416 · Updated last week
- Vulnerable app with examples showing how to not use secrets ☆1,366 · Updated this week
- OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio… ☆434 · Updated last week