owasp-dep-scan dep-scan issues

owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

https://owasp.org/www-project-dep-scan/

MIT License

933 stars 94 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Bug: Missing JSON report when running as Dockerized

#318 kaiorafael opened 14 hours ago
0
[v6] binary download is not reported for phantomjs-prebuilt

#317 prabhu opened 3 days ago
0
CVE-2019-18413 flagged as critical

#316 prabhu opened 1 week ago
0
False-Positive: CVE-2022-24304 rejected by NVD

#315 prabhu opened 1 week ago
0
Golang binaries are not scanned from within containers

#314 lm-sig opened 2 weeks ago
1
Risk audit improvements

#313 prabhu closed 1 week ago
1
[docs] Lessons for analyzing common vulnerable repos

#312 prabhu opened 3 weeks ago
0
Feature/default risk audit

#311 prabhu closed 3 weeks ago
0
Bug: Empty reachability report

#310 zhcoden opened 3 weeks ago
1
Update container packages

#309 prabhu closed 3 weeks ago
0
False-Positive: dotnet: System.Texts.Encodings.Web

#308 Geertkok1 closed 4 weeks ago
5
[v6] choices for reachability analysis

#307 prabhu opened 1 month ago
0
Update vdb. Fix version was missing for certain packages for osv

#306 prabhu closed 1 month ago
0
[Fix] Dockerfile - almalinux build is broken and make python version an argument

#305 aryan-rajoria closed 1 month ago
0
[container] almalinux 9.3 builds are broken

#304 prabhu closed 1 month ago
0
pypi redis:redis bug fixed in v6

#303 prabhu closed 1 month ago
0
depscan was reporting redis:redis for pypi:redis

#302 prabhu closed 1 month ago
0
[risk-audit] Detect use of Trusted publisher

#301 prabhu opened 2 months ago
0
Bug: Reachability scan fails

#300 sjpritchard opened 2 months ago
3
cargo:http is yielding a lot of false positives

#299 prabhu opened 2 months ago
0
Update cdxgen to bring go purl compatibility fixes

#298 prabhu closed 2 months ago
0
Update cdxgen to bring go purl compatibility fixes

#297 prabhu closed 2 months ago
0
[cdxgen 10.3.x] Breaking changes in cdxgen for go and npm

#296 prabhu closed 2 months ago
1
Aliases for dotnet runtime

#295 prabhu closed 2 months ago
0
[dotnet] Runtime components naming

#294 prabhu closed 2 months ago
0
Added generic cdxgen_args that can be passed as an environment variable or argument to depscan itself.

#293 deleterepo closed 2 months ago
1
Added generic cdxgen_args that can be passed as an environment variable or argument to depscan itself.

#292 deleterepo closed 2 months ago
0
Port various false positives fixes from v5

#291 prabhu closed 2 months ago
0
False-Positive: I raised the topic on discord. I compared the DT, Depscan, and Grype analyzers. The results are presented in the table. I think it will be useful for correcting the quality of the analysis.

#290 almaz045 opened 2 months ago
1
Adhoc FP and FN fixes

#289 prabhu closed 2 months ago
0
[FN] CVE-2023-5590 is not reported for Selenium.WebDriver@3.141.0

#288 prabhu closed 2 months ago
1
Adding the option to pass required-only argument to cdxgen

#287 deleterepo closed 2 months ago
5
False-Positive: CVE-2021-39913

#286 almaz045 opened 2 months ago
7
Consider deprecated packages as more risky. Ported to v6

#285 prabhu closed 2 months ago
0
Consider deprecated packages as more risky

#284 prabhu closed 2 months ago
0
Fixes #281

#283 prabhu closed 2 months ago
0
Use xz version of vdb which has better compression than nydus.

#282 prabhu opened 3 months ago
1
False-Positive: CVE-2020-14343

#281 almaz045 closed 2 months ago
9
Feature: VDB update frequency information

#280 johennin opened 3 months ago
2
[v6] Prefer xz vdb over rafs

#279 prabhu opened 3 months ago
0
backport: Add pyproject.nix flake

#278 Quince-Pie closed 3 months ago
0
Add nix flake using pyproject.nix

#277 Quince-Pie closed 3 months ago
3
[v6] Support for cpe based searches

#276 prabhu opened 3 months ago
0
Feature: Support for nix packages

#275 prabhu opened 3 months ago
0
Add SECURITY.md with vulnerability reporting and disclosure policy

#274 iAnonymous3000 opened 3 months ago
1
Tweaks

#273 prabhu closed 3 months ago
0
backport: Add compatibility for future oras releases

#272 Quince-Pie closed 3 months ago
0
Add compatibility for future oras releases

#271 Quince-Pie closed 3 months ago
3
Feature: pyproject.nix poc

#270 prabhu closed 3 months ago
0
Feature: nu plugin

#269 prabhu opened 4 months ago
0