Dependency Check is a popular open-source security scanning tool from OWASP and Jeremy Long. Dependency Check is excellent at finding third-party libraries used by a codebase that contain known vulnerabilities. Dependency Check uses the NVD data feeds to check for the latest known vulnerabilities.
| Security Stage | SCA (Software Composition Analysis) |
| Type | OpenSource |
| Languages | Java, .Net, Python, Ruby, PHP, Node.js, C/C++ |
| Site | https://jeremylong.github.io/DependencyCheck/ |
Pre-requisite
| 1 | You'll need the address of a Git repository to scan |
How do I set it up?
Adding OWASP Dependency Check to your set of security tests makes sense when you are checking source code repositories. You will add this testing tool to a version (security stage) that is set up to run static code analysis tests.
From then on, any time you click 'Test Now' with this ToolKit, or make a request over the Uleska API or CLI with this ToolKit, the OWASP Dependency Check tool will be included in the test run and any results added to your vulnerabilities list.
Notes
The Uleska Platform does not currently set suppression files for the OWASP Dependency Check tool. Instead, users can mark any reported issues as false positives using the Uleska vulnerability management UI.
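For readers who also run Dependency Check outside the platform (for example locally or in a CI job), the following is an added example of the suppression file that the note above refers to; it is not taken from this page, from Uleska, or from the Dependency Check project's own documentation. It uses the Dependency Check suppression XML schema; the package coordinates, CPE vendor/product and CVE identifier are constructed placeholders and must be replaced with the values from the actual finding. On the Uleska platform the equivalent action is to mark the finding as a false positive in the UI.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example suppression file for OWASP Dependency Check (not from this page or from Uleska).
     Pass it to the scanner with the --suppression option when running the CLI directly. -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!-- Time-boxed suppression of one CVE on one package (placeholder values).
       The "until" date forces the finding to reappear so the exception is re-reviewed
       rather than silently living forever. -->
  <suppress until="2000-01-01Z">
    <notes><![CDATA[
      Ticket: EXAMPLE-1 (placeholder). The vulnerable code path is not reachable
      in this service; re-evaluate when the library is upgraded.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.example/example\-lib@.*$</packageUrl>
    <cve>CVE-2000-0000</cve> <!-- placeholder: replace with the CVE from the finding -->
  </suppress>

  <!-- Suppress a false-positive CPE match: the scanner matched a library name to an
       unrelated product in the NVD (placeholder vendor/product). Scoping by packageUrl
       keeps the suppression from hiding findings on other dependencies. -->
  <suppress>
    <notes><![CDATA[
      False positive: example-lib is not the "exampleproduct" tracked in the NVD.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.example/example\-lib@.*$</packageUrl>
    <cpe>cpe:/a:examplevendor:exampleproduct</cpe>
  </suppress>

</suppressions>
```

Keep each suppression as narrow as the evidence allows (a specific package plus a specific CVE or CPE, with a written justification and an expiry date); a suppression keyed only on a CVE or only on a package silently hides any future finding that shares that identifier.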