413 Open source projects that are alternatives of or similar to dependency-check-py

LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Check CPAN modules for known security vulnerabilities

ruby gem to check for missed NPM dependencies

Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation

🐞 Primitive Erlang Security Tool

Advanced vulnerability scanning with Nmap NSE

Web Application Security Scanner Framework

grep rough audit - source code auditing tool

Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.

SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). 🌈

A simple tool for interacting with OWASP ZAP from the commandline.

System Optimizer and Monitoring, Security Auditing, Vulnerability scanner for Linux, macOS, and UNIX-based systems

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

Software Component Verification Standard (SCVS)

cve-search - a tool to perform local searches for known vulnerabilities

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

This is the official main repository for the Assimilation project

Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.

Basic Primitives Diagrams for React. Data visualization components library that implements organizational chart and multi-parent dependency diagrams.

POC about usage of JSON Web Tokens (JWT) in a secure way.

FUNDED is a novel learning framework for building vulnerability detection models.

Framework for Testing WAFs (FTW!)

Webpack plugin to easily get assets dependency graph based on entry point

Create CycloneDX Software Bill of Materials (SBOM) from PHP Composer projects

Packet communication investigator

fill-in your command and execute

A place for documenting threats and mitigations related to containers orchestrators (Kubernetes, Swarm etc)

OWASP Dependency Track API client for intergration into CI/CD pipeline

Docker repository for OWTF (64-bit Kali)

Misc. Public Reports of Penetration Testing and Security Audits.

Central Processing Unit Information Gathering Tool

A web spider for shodan.io without using the Developer API.

SMTP and IMAP checker / cracker for mailpass combolists with a user-friendly GUI, automated inbox test and many more features.

Making CoreOS' Clair easily work in CI/CD pipelines

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

A simple tool to detect outdated shared libraries

Find secrets on any machine from over 120 Different Signatures.

⚡️ Docker official image for Wallarm Node. API security platform agent.

OWASP ZAP addon for finding vulnerabilities in JWT Implementations

A Linux Host-based Intrusion Detection System based on eBPF.

VOIP Security Audit Framework

A light-weight app to audit and inventory large codebases for open source license compliance.

Smart Contract Vulnerability Detection Using Graph Neural Networks (IJCAI-20 Accepted)

The home of WhiteSource's Merge Confidence feature, for Renovate and WhiteSource Remediate

Wazuh - Puppet module

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

Evaluation Framework for Dependency Analysis (EFDA)

A web application that contains several unit tests for the purpose of .NET security

Github mirror of "mediawiki/tools/phan/SecurityCheckPlugin" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing)

Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.

Creates CycloneDX Software Bill of Materials (SBOM) from Python projects and environments.

SEC分布式资产扫描系统

Port of "DR.CHECKER : A Soundy Vulnerability Detection Tool for Linux Kernel Drivers" to Clang/LLVM 10 and Linux Kernel