ossindex-maven-plugin

It is an offensive tool for dependency audit. The primary CVE ID is not present in the provided context. The target product/service or framework is Maven, and the vulnerability class/vector is dependency audit. Notable dependencies/tooling include the OSS Index REST API v2.0. The execution contex...

Bomber - Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities

bomber is an application that scans SBOMs for security vulnerabilities. Overview So you've asked a vendor for an Software Bill of Materials SBOM for one of their closed source products, and they provided one to you in a JSON file... now what? The first thing you're going to want to do is see if a...

UPDATE: OWASP Dependency-Check 5.0.0

PenTestIT RSS Feed My first post about this open source OWASP project was about an older version. About 18 hours ago, a new version was released. This post discusses the changes made to the open source software composition analysis utility in the latest release yesterday. This is the OWASP...

Multi Purpose DevOps Security Auditing Tool: DevAudit

Multi Purpose DevOps Security Auditing Tool DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and DevOps practitioners that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array of auditing...