My first post about this open source OWASP project covered an older version. This post discusses the changes in the latest release of this open source software composition analysis utility, which came out yesterday: OWASP Dependency-Check 3.0.0! This release comes with Java 9 compatibility and regular expression support for the Hint Analyzer.
What is OWASP Dependency-Check?
> OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. It can currently be used to scan Java and .NET applications to identify the use of known vulnerable components with experimental analyzers for Python, Ruby, PHP (composer), and Node.js applications. Additionally, OWASP Dependency-Check has experimental analyzers that can be used to scan some C/C++ source code, including OpenSSL source code and projects that use Autoconf or CMake.
Download OWASP Dependency-Check 3.0.0 (DependencyCheck-3.0.0.zip/DependencyCheck-3.0.0.tar.gz) and other related plugins here.