Displaying 1 to 9 from 9 results

Dependency-Track - Intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain

  •    Java

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.

dependency-check-plugin - Jenkins plugin for OWASP Dependency-Check

  •    Java

Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top 10 2013: A9 - Using Components with Known Vulnerabilities. This plug-in can independently execute a Dependency-Check analysis and visualize results.

nist-data-mirror - A simple Java command-line utility to mirror the CVE XML and JSON data from NIST.

  •    Java

NIST Data Mirror is a Java command-line utility that mirrors the NVD CPE/CVE XML and JSON data from NIST. The intended purpose of nist-data-mirror is to be able to replicate the NIST vulnerabiity data inside a company firewall so that local (faster) access to NIST data can be achieved.

nvdtools - A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc

  •    Go

A collection of tools for working with National Vulnerability Database feeds. You need a properly setup Go environment.

cve-check-tool - Original Automated CVE Checking Tool

  •    C

cve-check-tool, as its name suggests, is a tool for checking known (public) CVEs. The tool will identify potentially vunlnerable software packages within Linux distributions through version matching. Where possible it will also seek to determine (through a distribution implemention) if a vulnerability has been addressed by way of a patch. CVEs are only ever potential - due to the various policies of various distributions, and indeed semantics in versioning within various projects, it is expected that the tool may generate false positives.

sbt-dependency-check - SBT Plugin for OWASP DependencyCheck

  •    Scala

The sbt-dependency-check plugin allows projects to monitor dependent libraries for known, published vulnerabilities (e.g. CVEs). The plugin achieves this by using the awesome OWASP DependencyCheck library which already offers several integrations with other build and continuous integration systems. For more information on how OWASP DependencyCheck works and how to read the reports check the project's documentation. sbt-dependency-check is an AutoPlugin, so you need sbt 0.13.5+. Simply add the plugin to project/plugins.sbt file.

iva - IVA is a system to scan for known vulnerabilities in software products installed inside an organization

  •    Python

IVA is a system (written in Python 3) to automate the process of finding possible vulnerabilities in software products installed inside an organization. It receives as input a list of software products (the inventory) in JSON format. Each JSON document contains three attributes: vendor, product, and version. IVA retrieves the software inventory from a GLPI database (GLPI is currently the only DB supported by IVA). To find possible vulnerabilities for the software products, IVA employs the CPE dictionary and the CVE feeds. First, IVA provides a list of CPE candidates that match a software product. Once a CPE is assigned to a product, IVA searches for CVEs that possibly match the assigned CPE. IVA also generates alerts (in case the user confirms a CVE as match for a product) and allows to send, via SMTP, notifications about the vulnerable software.

We have large collection of open source products. Follow the tags from Tag Cloud >>

Open source products are scattered around the web. Please provide information about the open source projects you own / you use. Add Projects.