DependencyCheck VS edex-ui

Use Security Tools: To identify known vulnerabilities in your project's dependencies, you can utilize commands like npm audit or employ third-party security scanners such as DependencyCheck or Dependabot. These tools thoroughly analyze the dependency tree and offer actionable insights to assist you in resolving any identified vulnerabilities.

OWASP DependencyCheck - a really decent tool for scanning your project for vulnerable dependencies. It is actively developed and updated and up to date with the most latest vulnerabilities. Sometimes it can be a pain in the ass, though. Some security researchers and such find a vulnerability, publish it and the next day our CI/CD pipelines fail (the dependency check build step prevents the code from going to production). And not always there is a fix available. So, some vulnerabilities have to be ignored, temporarily. Also, to be able to ignore a vulnerability one has to do a fast risk assessment. And that will require from him to read about the vulnerability and decide if it is safe to be ignored or some different workaround must be found.

The ultimate guide somehow fails to mention the best CVE checker: https://github.com/jeremylong/DependencyCheck

We run https://github.com/jeremylong/DependencyCheck over our dependency tree regularly, via this Clojure wrapper: https://github.com/clj-holmes/clj-watson which tells us the dependency tree path to each item that has a CVE and also the version in which the CVE is addressed, if known.

We use OWASP dependency-check and pass reports to SonarQube.

From OWASP for those class of tools you could look into DependencyCheck and DependencyTrack

DependencyCheck is an open source tool that checks for vulnerabilities in dependencies used within a project. While it is a reactive tool, it's an important one since the code a developer writes is not the only code an application uses.

One more aspect to consider, although I know it is not the primary ask of the post, is to be sure and run something like dependency check on your repository. There are quite a few vulnerabilities being injected through the packaging process these days.

wget https://github.com/GitSquared/edex-ui/releases/download/v2.2.8/eDEX-UI-Linux-x86_64.AppImage ; chmod +x eDEX* ; ./eDEX*

Ok, say you are a bit of a nerd and you love to stay "focuced" on whatever you are doing. These days, a bunch of windows tend to distract you and before you know it you are off surfing for kittens on the internet. Enter Edex UI, a nerdy "shell" on top of your Windows/Mac/Linux interface that gives you access to the command line AND to your files. The interface is very very nerdy (think 1999's Hackers) and you do need to know how to run some command line apps (or you can go for applications like Micro and Tilde to use as a text editor). The result? Supernerdy, distraction free interface that will get you a LOT of eyeballs if you decide to use it in the local Starbucks. Easy peasy to install https://github.com/GitSquared/edex-ui

Looks really cool! Gives me similar vibes as EDEX-UI[1]

[1] https://github.com/GitSquared/edex-ui

use Edex UI to make em think ur tony stark or some shit

eDEX-UI

eDEX-UI is the best way to give it a cyberpunk feeling.

edex-ui/screenshot_horizon.png at master · GitSquared/edex-ui · GitHub

wget https://github.com/GitSquared/edex-ui/releases/download/v2.2.8/eDEX-UI-Linux-x86_64.AppImage chmod +x eDEX-UI-Linux-x86_64.AppImage ./eDEX-UI-Linux-x86_64.AppImage