Is there a tool to track CVEs for the software that we use?

This page summarizes the projects mentioned and recommended in the original post on /r/sysadmin

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  • CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • PMD

    An extensible multilanguage static code analyzer.

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • Error Prone

    Catch common Java mistakes as compile-time errors

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • vulnmine

    Vulnmine searches for vulnerable hosts using MS SCCM host / software inventory data with NIST NVD Vulnerability feed data.

    It is hard. Look at vulmine and the logic behind it for feeding SCCM reports into it.

  • opencve

    CVE Alerting Platform

    there's also https://www.opencve.io/ which can be selfhosted if wanted

  • openvas-scanner

    This repository contains the scanner component for Greenbone Community Edition.

    I don't recommend cheaping out on vuln scanning, but if you really can't get any money there's always OpenVAS. That will allow you to do credentialed scanning and track vulnerabilities in your environment. It's no real substitute for Tenable or similar, but it's better than nothing.

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    Hi, Wazuh employee here! I think that you might be interested in implementing Wazuh in your company, it's an open-source SIEM that allows you to monitor not only the CVEs that could affect the software that your company uses, but also misconfigurations that could lead to attacks from malicious actors, intrusion detection -such as detecting brute-forcing attacks-, and many other interesting capabilities.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Enforcing Coding Best Practices using CI

    7 projects | dev.to | 30 May 2021
  • JVM/Java: Null-Restricted and Nullable Types

    3 projects | news.ycombinator.com | 2 Aug 2024
  • We Have Code Quality At Home: Open Source Java Code Quality Tools

    4 projects | dev.to | 6 May 2024
  • My Thoughts on “Bad Code”

    1 project | news.ycombinator.com | 17 Mar 2023
  • Will Project Valhalla bring Kotlin-like nulls to Java?

    1 project | /r/Kotlin | 9 Feb 2023

Did you konow that Java is
the 8th most popular programming language
based on number of metions?