Introduce OWASP Dependency-Check

XMLWordPrintable

    • Type: New Feature
    • Resolution: Done
    • Priority: Normal
    • 9.5.0
    • Affects Version/s: 9.0.1
    • Component/s: General
    • None

      Introduce OWASP Dependency-Check to avoid security vulnerabilities.

      https://owasp.org/www-project-dependency-check/

      OWASP Dependency-Check

      Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project’s dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency. If found, it will generate a report linking to the associated CVE entries.

      Introduction

      The OWASP Top 10 2013 contains a new entry: A9-Using Components with Known Vulnerabilities. Dependency Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.

            Assignee:
            rudyhuang
            Reporter:
            rudyhuang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 3 days
                3d
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 days, 5 hours Time Not Required
                2d 5h