PenTestIT RSS Feed
My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP Dependency-Check 5.0.0, which includes a lot of bug fixes and enhancements.
What is OWASP Dependency-Check?
> OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. It can currently be used to scan Java and .NET applications to identify the use of known vulnerable components with experimental analyzers for Python, Ruby, PHP (composer), and Node.js applications. Additionally, OWASP Dependency-Check has experimental analyzers that can be used to scan some C/C++ source code, including OpenSSL source code and projects that use Autoconf or CMake.
The OWASP Dependency-Check 5.0.0 release is a major release with many breaking changes;
spring-boot-starter-security 2.1.5
- CPE for spring_security:2.1.5
Download OWASP Dependency-Check 5.0.0 (DependencyCheck-5.0.0.zip/DependencyCheck-5.0.0.tar.gz) and other related plugins here.
The post UPDATE: OWASP Dependency-Check 5.0.0 appeared first on PenTestIT.