software-composition-analysis

Here are 11 public repositories matching this topic...

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities

javascript chrome-extension security scanner grunt-plugins firefox-extension build-tool vulnerabilities software-composition-analysis vulnerable-libraries insecure-libraries

Updated Jul 26, 2020
JavaScript

jeremylong / DependencyCheck

Star

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

security security-audit maven-plugin jenkins-plugin gradle-plugin build-tool ant-task vulnerability-detection software-composition-analysis

Updated Jul 22, 2020
Java

nexB / scancode-toolkit

Star

🔎 ScanCode detects licenses, copyrights, package manifests & dependencies and more by scanning code ... to discover and inventory open source and third-party packages used in your code.

licensing packages open-source-licensing foss scan provenance compliance dependencies license spdx spdx-license copyright license-management spdx-licenses license-checking license-scan package-scan copyright-scan software-composition-analysis oss-compliance

Updated Jul 27, 2020
C

DependencyTrack / dependency-track

Star

Dependency-Track is an intelligent Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Updated Jul 27, 2020
Java

albuch / sbt-dependency-check

Star

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

security scala sbt static-analysis owasp sbt-plugin vulnerabilities cve appsec nvd software-security owasp-dependencycheck vulnerability-scanners software-composition-analysis

Updated Jul 3, 2020
Scala

stevespringett / nist-data-mirror

Star

A simple Java command-line utility to mirror the CVE JSON data from NIST.

java nist cve cpe appsec nvd sca software-security software-composition-analysis

Updated Mar 16, 2020
Java

jhermann / dependency-check-py

Star

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

python security security-audit dependency-analysis owasp cli-utility vulnerability-detection software-supply-chain cve-scanning software-composition-analysis

Updated Feb 17, 2020
Python

stevespringett / vulndb-data-mirror

Star

A simple Java command-line utility to mirror the entire contents of VulnDB.

java vulndb cve appsec sca software-security software-composition-analysis

Updated Jul 17, 2020
Java

ozonru / dtrack-audit

Star

OWASP Dependency Track API client for intergration into CI/CD pipeline

security component-analysis security-tools software-composition-analysis

Updated Jan 20, 2020
Go

ozonru / cyclonedx-go

Star

Creates CycloneDX Software Bill-of-Materials (SBOM) from Go projects. So you can use it with DependencyTrack to monitor security issues in 3rd party modules.

security bom component-analysis security-tools software-composition-analysis bill-of-materials sbom cyclonedx