Dep Scan Tutorial on how to use the repo and build the tool
OWASP dep-scan is a modern security and risk audit tool designed for identifying vulnerabilities, advisories, and license limitations in project dependencies. It supports both local repositories and container images. The tool is particularly suitable for integration in ASPM/VM platforms and CI environments. Key features include scanning for known CVEs, advanced reachability analysis, local vulnerability scanning, generation of SBOM and VDR, and package risk audit. It supports various programming languages and package formats, and offers customization through environment variables. Additionally, it facilitates live OS scanning and license auditing. For detailed information, visit the OWASP dep-scan repository: https://github.com/owasp-dep-scan/dep-scan