
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies.
Depscan utilizes cdxgen to produce Software Bill-of-Materials, which allows us to support many different languages and source code configurations.
It exports results as customizable Jinja reports and as JSON documents in two standard formats: CycloneDX Vulnerability Disclosure Report (VDR) and Common Security Advisory Framework (CSAF) 2.0.
It also performs a deep package risk audit that flags dependency confusion attacks and maintenance risks.
Future development and download: Russell told us that the team is working towards OWASP dep-scan 6.0, which they intend to release near the end of the year.
News URL
https://www.helpnetsecurity.com/2024/05/16/owasp-dep-scan-open-source-security-risk-audit-tool/