Send in your ideas. Deadline December 1, 2024
Grant
Theme fund: NGI Zero Core
Start: 2024-04
More projects like this
Measurement

OWASP dep-scan

Security and risk audit tool

OWASP dep-scan is a next-generation Software Composition Analysis (SCA) tool based on known vulnerabilities, advisories, and license limitations for applications, container images, and Linux virtual machines. Powered by abc - AppThreat atom, OWASP blint, and CycloneDX Generator (cdxgen) - dep-scan performs a range of advanced code hierarchy and lifecycle analysis (for example, reachability analysis) to improve precision and reduce false positives, thus helping developers and AppSec people focus on supply chain vulnerabilities and risks that needs real attention.

Dep-scan is purpose-built to be integrated in CI, Vulnerability Management platforms, and air-gapped environments. Dep-scan can perform all the analysis offline, with no code or SBOM leaving your environment. The tool supports generating reports in CycloneDX VDR, OASIS CSAF VEX, HTML, PDF, and Markdown formats.

Run by AppThreat

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.