Software Alternatives, Accelerators & Startups

Dependency-Check

Dependency-Check is a utility that identifies project dependencies and checks if there are any...

Dependency-Check

Dependency-Check Reviews and Details

This page is designed to help you find out whether Dependency-Check is good and if it is the right choice for you.

Screenshots and images

  • Dependency-Check Landing page
    Landing page //
    2021-09-13

Features & Specs

  1. Open Source

    Dependency-Check is an open-source tool, which means it is freely accessible and can be modified and distributed by anyone under the terms of its license.

  2. OWASP Backing

    Being a project under the OWASP umbrella, Dependency-Check benefits from a reputable organization dedicated to improving software security, ensuring quality and reliability.

  3. Comprehensive Vulnerability Database

    It uses the National Vulnerability Database (NVD) and other sources to identify known vulnerabilities, providing a wide coverage of potential threats across dependencies.

  4. Integration Capabilities

    Dependency-Check can be easily integrated with various CI/CD pipelines, IDEs, and build tools, enhancing its usability across different environments and workflows.

  5. Multiple Formats Support

    It supports scanning dependencies from multiple formats like Maven, Gradle, and Jenkins, accommodating diverse project setups.

Badges

Promote Dependency-Check. You can add any of these badges on your website.

SaaSHub badge
Show embed code

Videos

We don't have any videos for Dependency-Check yet.

Social recommendations and mentions

We have tracked the following product recommendations or mentions on various public social media platforms and blogs. They can help you see what people think about Dependency-Check and what they use it for.
  • Snyk Open Source vs Snyk Code: Key Differences
    Snyk Open Source competes primarily with Dependabot (GitHub's free dependency scanner), OWASP Dependency-Check, Mend Renovate, and Black Duck. - Source: dev.to / 4 months ago
  • DevSecOps Is Broken (and We All Kinda Know It)
    OWASP Dependency-Check free and CI-friendly, perfect for catching risky libraries early. - Source: dev.to / 9 months ago
  • An NPM dependency check list
    9 Finally, before committing to integrating the package, if there are any doubts it might be worth checking the package with the OWASP Dependency Checker. - Source: dev.to / 10 months ago
  • Top Dependency Scanners: A Comprehensive Guide
    OWASP Dependency-Check represents the leading open-source tool for dependency vulnerability scanning. - Source: dev.to / 10 months ago
  • OWASP Dependency Check in Node js ๐Ÿ›ก๏ธ
    OWASP Dependency Check is a tool that analyzes dependencies and checks for known issues. You can access it through the following link: Https://owasp.org/www-project-dependency-check. - Source: dev.to / about 2 years ago
  • SQL Injection Isn't Dead Yet
    To detect these types of vulnerabilities, we should first and foremost know our dependencies and versions, and which of them have vulnerabilities. The OWASP Top 10 2021 identifies this need as A06:2021-Vulnerable and Outdated Components. OWASP has several tools for this, including Dependency Check and Dependency Track. These tools will warn about the use of components with vulnerabilities. - Source: dev.to / over 2 years ago
  • Build and Push to GAR and Deploy to GKE - End-to-End CI/CD Pipeline
    You can scan your code repositories using OWASP Dependency-Check within a Harness pipeline. Within the gar-build-and-push stage, click on + Add Step โ†’ Add Step before the BuildAndPushGAR step. From the step library, find Owasp under the Security Tests section. - Source: dev.to / over 2 years ago
  • How rapidly Spring is changing?
    Build tools, ie Maven, can provide information about available updates (ie mvn versions:display-dependency-updates) also it may be usefull to check your dependencies againts know voulnerabillities (ie Https://owasp.org/www-project-dependency-check/). Source: over 3 years ago
  • Deep dive into Amazon Inspector for AWS Lambda
    In this article we looked at the functionality on the Amazon Inspector for AWS Lambda functions, how the scanning functions can be activated. After that we looked into scan results and what information it provides to us to remediate the detected vulnerabilities. Of course there are other tools available in this area like OWASP Dependency-Check or Snyk which are mostly designed to be integrated in CI/CD process.... - Source: dev.to / over 3 years ago
  • Uncomplicating cloud Security โ€” Infrastructure Protection (Part 4)
    Cloud security vulnerabilities are a significant concern and they come in many shapes and sizes. One type of vulnerability that is particularly concerning is code dependency vulnerabilities. These vulnerabilities arise when an application or system relies on a third-party code library or module that contains a security flaw. If this flaw is not discovered and addressed, it can be exploited by attackers to gain... - Source: dev.to / over 3 years ago
  • Implement DevSecOps to Secure your CI/CD pipeline
    OWASP Dependency-Check a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries. We can also publish our SBOM report to Dependency-Track and... - Source: dev.to / almost 4 years ago
  • Log4j: The Pain Just Keeps Going and Going
    Put a dependency check in your builds. Raise build errors when something is bad. Have it build on a regular basis (could be every month)... And then fix things. https://owasp.org/www-project-dependency-check/ And some examples - https://jeremylong.github.io/DependencyCheck/dependency-check-maven/. - Source: Hacker News / almost 4 years ago
  • Keeping Up With Vulnerable Third-Party Libraries
    Use a tool like OWASP Dependency-Check to detect high-risk CVEs in your dependencies. Source: about 4 years ago
  • Keeping Up With Vulnerable Third-Party Libraries
    I use OpenCVE for alerts but it doesn't have everything for full coverage we have whitesource hooked into our CI pipelines. OWASP dependency check is a free alternative: https://owasp.org/www-project-dependency-check/. Source: about 4 years ago
  • What are some useful static analyzers for Java?
    This one has proved very useful - OWASP dependency checker - downloads the NVD and crosschecks any CVEs to dependencies you use: https://owasp.org/www-project-dependency-check/. Source: over 4 years ago
  • Log4J โ€“ A 10 step mitigation plan
    Make sure you know what you are running on your platform. The Software Bill of Materials (SBoM) describes all the various software components on which your system is based. If you keep an active track of your SBoM with tools like OWASP dependencyTrack, it becomes easier to know whether software you are using is vulnerable. Additionally there are great open-source tools, like the OWASP Dependency Checker, Trivy,... - Source: dev.to / over 4 years ago
  • Is there a tool to track CVEs for the software that we use?
    Project site: https://owasp.org/www-project-dependency-check/. Source: over 4 years ago
  • Log4j RCE Found
    When I started working with Scala, it really surprised me how the JVM world deals with dependencies (include an upstream jar directly in the project, as opposed to the Linux distro model where you use your distributor packages so you have security and bug fixes). I'm a big fan of Dependency Check[1]. There are hosted services that can give you security scans, but if you don't have access to that (some have a cost)... - Source: Hacker News / over 4 years ago
  • OWASP Top Ten and Software Composition Analysis (SCA)
    The first option we have studied is the approach used in OWASP Dependency Check. The approach is simple โ€” for each dependency, this utility searches for a corresponding identifier in the CPE (Common Platform Enumeration) database. In fact, the CPE database is a list with information about products, their versions, vendors, and so on. To implement SCA, we must obtain CPE and CVE correspondences. Thus, getting a CVE... - Source: dev.to / over 4 years ago
  • OWASP Top 10 for Developers: Using Components with Known Vulnerabilities
    In order to prevent this issue, your organization needs to implement regular checks of your dependencies against the CVE database for known vulnerabilities, as well as establishing a process for keeping all dependencies up-to-date. Fortunately, much of this can be automated using vulnerability scanning tools, such as the OWASP Dependency Check, RetireJS, or Brakeman. Additional tools, such as WhiteSource's... - Source: dev.to / about 5 years ago
  • An Incomplete List of Practical Security for Mortals
    Consider using tools such as OWASP Dependency Check, License Plugin or even more complex tools such as Black Duck. - Source: dev.to / about 5 years ago

Do you know an article comparing Dependency-Check to other products?
Suggest a link to a post with product alternatives.

Suggest an article

Dependency-Check discussion

Log in or Post with

Is Dependency-Check good? This is an informative page that will help you find out. Moreover, you can review and discuss Dependency-Check here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.