jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.34k stars 1.26k forks

OWASP Dependency Checker support for both C and C++ codebase #6723

Closed pentesty closed 2 months ago

pentesty commented 3 months ago

Hi Team,

Our requirement is to scan repositories for Software Composition Analysis (SCA), and we are looking for a tool that does this task for both C and C++ codebases. Can you please confirm whether Dependency Checker supports both C and C++ codebases for SCA?

Regards, Vicky

jeremylong commented 3 months ago

poorly - and only if they use CMake. See https://jeremylong.github.io/DependencyCheck/analyzers/cmake.html