OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies.
Depscan utilizes cdxgen to produce a Software Bill of Materials (SBOM), which allows it to support many different languages and source code configurations.
It offers result exports into customizable Jinja reports as well as JSON documents in two standards: the CycloneDX Vulnerability Disclosure Report and the Common Security Advisory Framework (CSAF) 2.0.
It also performs a deep package risk audit covering dependency confusion attacks and maintenance risks.
Future development and download. Russell told us that the team is working towards OWASP dep-scan 6.0 which they intend to release near the end of the year.
News URL
https://www.helpnetsecurity.com/2024/05/16/owasp-dep-scan-open-source-security-risk-audit-tool/