Our great sponsors
-
cdxgen
Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
-
atom
Atom is a novel intermediate representation for applications and a standalone tool that is powered by chen. (by AppThreat)
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
dep-scan
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Today, it gives me great pleasure to announce OWASP dep-scan v5. Like everyone, I was constantly frustrated with the amount of false positives generated by all Software Composition Analysis tools (including mine) and wanted to do something. I worked closely with a few colleagues (Caroline, Tim, Saket, and David) for a year to build the various capabilities that together form depscan v5.
Today, it gives me great pleasure to announce OWASP dep-scan v5. Like everyone, I was constantly frustrated with the amount of false positives generated by all Software Composition Analysis tools (including mine) and wanted to do something. I worked closely with a few colleagues (Caroline, Tim, Saket, and David) for a year to build the various capabilities that together form depscan v5.
Depscan v5 is the first opensource SCA tool that can perform precision reachability analysis for Java, JavaScript/TypeScript, and Python applications to triage and prioritize the results. We invented an automatic symbols tagger, a lightweight data-flow analyzer, and a static slicer to compute all reachable flows with or without vulnerabilities. We open-sourced all our work, including the specification.