Top 11 Open-Source Alternatives to OWASP Dependency-Check

OWASP Dependency-Check

OWASP dependency-check is open-source and can be used to scan Java and .NET applications via the CLI or using plugins.Read articles Continuous Security with OWASP Dependency Check and Integrating OWASP Dependency Check with Jenkins to CI/CD. subtitle

Product categories

AML Clean Code Code Analysis Code Coverage Code Quality Code Review Developer Tools Open Source Security Security Monitoring Software Development Web Application Security

Summary

The top open-source alternatives to OWASP Dependency-Check are Snyk, SonarQube, and Dependency-Check. One of the criteria for ordering this list is the number of mentions that products have on reliable external sources. You can suggest additional sources through the form here.

Snyk Landing Page
1

Snyk

Snyk helps you use open source and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and much more.
Pricing:
- Open Source
#Security #Security Monitoring #Security CI 85 social mentions
SonarQube Landing Page
2

SonarQube

SonarQube, a core component of the Sonar solution, is an open source, self-managed tool that systematically helps developers and organizations deliver Clean Code.
Pricing:
- Open Source
- Freemium
- Free Trial
- $150.0 / Annually
#Code Analysis #Code Review #Code Coverage 1 social mentions
Dependency-Check Landing Page
3

DC

Dependency-Check

Dependency-Check is a utility that identifies project dependencies and checks if there are any...
Pricing:
- Open Source
#Security #Software Development #Code Analysis 16 social mentions
OWASP Dependency-Track Landing Page
4

OWASP Dependency-Track

OWASP Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows...
Pricing:
- Open Source
#Security #Code Analysis #Security & Privacy 19 social mentions
SonarCloud Landing Page
5

SonarCloud

Enhance your workflow with continuous code quality, SonarCloud automatically analyzes and decorates pull requests on GitHub, Bitbucket, Azure DevOps and GitLab on major languages.
Pricing:
- Open Source
- Freemium
- Free Trial
- €10.0 / Monthly (100,000 Lines of Code)
#Developer Tools #DevOps Tools #SAST 12 social mentions
ESLint Landing Page
6

ESLint

The fully pluggable JavaScript code quality tool
Pricing:
- Open Source
#Code Coverage #Developer Tools #Code Quality 229 social mentions
Semgrep Landing Page
7

Semgrep

Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time.
Pricing:
- Open Source
#Code Analysis #Code Coverage #Code Quality 7 social mentions
SpotBugs Landing Page
8

SpotBugs

Static Application Security Testing (SAST)
Pricing:
- Open Source
#Code Analysis #Code Review #Web Application Security 3 social mentions
FOSSA Landing Page
9

FOSSA

Open source license compliance and dependency analysis
Pricing:
- Open Source
#Security #Code Analysis #Web Application Security 7 social mentions
NewReleases Landing Page
10

NewReleases

Stop wasting your time checking manually if some piece of software is updated. Get Email, Slack, Telegram, Discord, Hangouts Chat, Microsoft Teams, Mattermost, Rocket.Chat, or Webhooks notifications.
Pricing:
- Open Source
- Free
#Software Development #News #DevOps Services 18 social mentions
Sumsub Landing Page
11

Sumsub

One verification platform to secure the whole user journey
Pricing:
- Open Source
- Paid
- Free Trial
#Identity Verification And Protection #Security #Identity Verification 8 social mentions