May 16, 2024, 5 a.m. | Mirko Zorz

Help Net Security www.helpnetsecurity.com

OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and use in CI environments.

OWASP dep-scan features

Caroline Russell, Staff Security Engineer at AppThreat, outlines the most important features: Depscan utilizes cdxgen to produce Software Bill-of-Materials (SBOMs), which allows us to support many different …


