Security News > 2024 > May > OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies.
Depscan utilizes cdxgen to produce Software Bill-of-Materials, which allows us to support many different languages and source code configurations.
It offers result exports into customizable Jinja reports as well as JSON documents in a couple of standards, including: CycloneDx Vulnerability Disclosure Report and Common Security Advisory Framework 2.0.
Deep packages risk audit for dependency confusion attacks and maintenance risks.
Future development and download. Russell told us that the team is working towards OWASP dep-scan 6.0 which they intend to release near the end of the year.
Is an open-source AI vulnerability next? OWASP dep-scan: Open-source security and risk audit tool Ebury botnet compromises 400,000+ Linux servers Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb The critical role of IT staffing in strengthening cybersecurity.
News URL
https://www.helpnetsecurity.com/2024/05/16/owasp-dep-scan-open-source-security-risk-audit-tool/
Related news
- Establishing a security baseline for open source projects (source)
- BLint: Open-source tool to check the security properties of your executables (source)
- Open-source security in AI (source)
- Enhancing security through collaboration with the open-source community (source)
- SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting (source)
- Cilium: Open-source eBPF-based networking, security, observability (source)