OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies.
dep-scan uses cdxgen to produce a Software Bill of Materials (SBOM), which lets it support many languages and source-code layouts.
It exports results as customizable Jinja reports and as JSON documents in several standard formats, including the CycloneDX Vulnerability Disclosure Report (VDR) and the Common Security Advisory Framework (CSAF) 2.0.
It also performs a deep package risk audit that flags exposure to dependency confusion attacks and maintenance risks.
Future development and download: Russell told us that the team is working towards OWASP dep-scan 6.0, which they intend to release near the end of the year.
News URL
https://www.helpnetsecurity.com/2024/05/16/owasp-dep-scan-open-source-security-risk-audit-tool/
Related news
- Vanir: Open-source security patch validation for Android (source)
- Sara: Open-source RouterOS security inspector (source)
- What’s Next for Open Source Software Security in 2025? (source)
- GitHub CISO on security strategy and collaborating with the open-source community (source)
- CERT-UA warns against “security audit” requests via AnyDesk (source)
- Fleet: Open-source platform for IT and security teams (source)
- CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits (source)