Dep-scan memory-safety risk analysis
Static analysis to identify memory-safety issues
Memory-safety and memory-safe languages are gaining momentum. Thanks to modern compilers and build toolchains, these languages enable automated safety checks with a combination of static analysis, fuzzing, and tracing libraries. The goal of this project is to enhance dep-scan and its dependent libraries (atom, blint, and chen) to identify components with memory-safety risks through static analysis (of source and binary). With this approach, the SBoM and VDR generated will automatically include details and evidence about components with memory-safety risks - leading to more proactive and focused risk management. For instance, not every module offered by a legacy library could have memory-management related weaknesses. And using a vulnerable library doesn't mean an application is actually using that library in an unsafe manner.
- The project's own website: https://github.com/owasp-dep-scan/dep-scan
Run by AppThreat
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).