OpenAM VS DependencyCheck

OpenAM

We haven't tracked posts mentioning OpenAM yet.
Tracking mentions began in Dec 2020.

DependencyCheck

• OWASP dependency check (<9.0.0) could fail to work after Dec 15th, 2023
  1 project | /r/programming | 5 Dec 2023
• How To Secure Your JavaScript Applications
  11 projects | dev.to | 14 Jun 2023

  Use Security Tools: To identify known vulnerabilities in your project's dependencies, you can utilize commands like npm audit or employ third-party security scanners such as DependencyCheck or Dependabot. These tools thoroughly analyze the dependency tree and offer actionable insights to assist you in resolving any identified vulnerabilities.

• Do you use dependency analysis and vulnerability detection tools?
  3 projects | /r/learnprogramming | 16 Jan 2023

  OWASP DependencyCheck - a really decent tool for scanning your project for vulnerable dependencies. It is actively developed and updated and up to date with the most latest vulnerabilities. Sometimes it can be a pain in the ass, though. Some security researchers and such find a vulnerability, publish it and the next day our CI/CD pipelines fail (the dependency check build step prevents the code from going to production). And not always there is a fix available. So, some vulnerabilities have to be ignored, temporarily. Also, to be able to ignore a vulnerability one has to do a fast risk assessment. And that will require from him to read about the vulnerability and decide if it is safe to be ignored or some different workaround must be found.

• The ultimate guide to Java Security Vulnerabilities (CVE)
  2 projects | /r/java | 29 Dec 2022

  The ultimate guide somehow fails to mention the best CVE checker: https://github.com/jeremylong/DependencyCheck

• Is Clojure suitable for my use cases?
  10 projects | /r/Clojure | 21 Oct 2022

  We run https://github.com/jeremylong/DependencyCheck over our dependency tree regularly, via this Clojure wrapper: https://github.com/clj-holmes/clj-watson which tells us the dependency tree path to each item that has a CVE and also the version in which the CVE is addressed, if known.

• Gitlab community dependency scanning
  1 project | /r/gitlab | 1 Apr 2022

  We use OWASP dependency-check and pass reports to SonarQube.

• Security in CICD / DevSecOps
  6 projects | /r/devops | 22 Mar 2022

  From OWASP for those class of tools you could look into DependencyCheck and DependencyTrack

• Is there a tool to track CVEs for the software that we use?
  8 projects | /r/sysadmin | 14 Dec 2021
• Does anybody know any good materials for java defensive coding please?.
  4 projects | /r/java | 19 Jun 2021

  DependencyCheck is an open source tool that checks for vulnerabilities in dependencies used within a project. While it is a reactive tool, it's an important one since the code a developer writes is not the only code an application uses.

• Are there any tools I can use to safely upgrade my Nuget packages? What are some strategies I can incorporate?
  2 projects | /r/csharp | 20 May 2021

  One more aspect to consider, although I know it is not the primary ask of the post, is to be sure and run something like dependency check on your repository. There are quite a few vulnerabilities being injected through the packaging process these days.