OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and use in CI environments.

OWASP dep-scan features

Caroline Russell, Staff Security Engineer at AppThreat, outlines the most important features: Depscan utilizes cdxgen to produce Software Bill-of-Materials (SBOMs), which allows us to support many different …
The post OWASP dep-scan: Open-source security and risk audit tool appeared first on Help Net Security.