Dependency-Check

Website

  • Libre
  • Mac
  • Windows
  • Linux
Description

Dependency-Check is an open source application security tool that identifies the dependencies in a software application and then detects any known, publicly disclosed vulnerabilities associated with those dependencies. It is designed for developers, security auditors and application security professionals who need to identify and report on known security vulnerabilities and exposures. Dependency-Check can scan projects in a variety of programming languages and ecosystems, including Java, .NET, Python, Node.js, Ruby, and PHP, and it supports several package managers, such as Maven, NuGet, and npm. The tool can be run as a command line tool, an Ant task, or a Maven plugin. Its results can also be integrated with third-party tools such as Jenkins, SonarQube, and Micro Focus Fortify on Demand. Dependency-Check provides a reliable way to detect known vulnerabilities in the open source components and third-party libraries used in applications. This helps to secure applications and systems, as well as to ensure compliance with industry standards and regulations.

Categories
Security and privacy applications

Alternatives