OWASP dep-scan is a next-generation security and risk audit tool that checks project dependencies against known vulnerabilities, advisories, and license limitations. Both local repositories and container images are supported as input, and the tool is designed for integration into CI pipelines and other automated workflows.
After years of waiting, I had finally made up my mind to use xz instead of gzip for depscan. Perhaps this PR can wait given the recent news. I will separate the bug fix for #281 into a new PR.
Update vdb to fix PyPI false positive. Fixes #281
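The commit above closes a PyPI false positive by updating the vulnerability database, and the description at the top says what dep-scan does: match dependencies against advisories. The block below is an added example, not dep-scan's own code and not the fix that closed #281, showing how a scanner decides whether a package version falls inside an advisory's affected range, and how one common source of false positives and false negatives arises when versions are compared as strings instead of numerically. The advisory records, the lockfile entries and the package names (`alpha-lib`, `beta-tool`, `gamma-core`) are all constructed for this example; the hand-rolled `parse_version` is a deliberate simplification, and production code handling real PyPI versions should use PEP 440 parsing from the `packaging` library instead.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    """A minimal advisory record: affected from `introduced` (inclusive)
    up to but not including `fixed`, in the style of OSV range events."""
    package: str
    introduced: str
    fixed: str


def parse_version(v: str) -> tuple:
    """Turn a release version such as '2.10.1' into a comparable tuple.

    Simplified stand-in for PEP 440 parsing (constructed for this example):
    - numeric components compare as integers, so 2.10 > 2.9
    - missing components are padded with zeros, so 2.10 == 2.10.0
    - a trailing pre-release tag (e.g. '3.0.0rc1') ranks below the final
      release with the same number, because a release candidate that
      predates the fix is still affected
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]+\d*)?", v.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    nums = nums + (0,) * (4 - len(nums))
    # (0, tag) for a pre-release sorts before (1, "") for a final release.
    pre = (0, m.group(2)) if m.group(2) else (1, "")
    return nums + pre


def affected_numeric(version: str, adv: Advisory) -> bool:
    """Correct check: compare parsed versions, not their spellings."""
    return parse_version(adv.introduced) <= parse_version(version) < parse_version(adv.fixed)


def affected_naive(version: str, adv: Advisory) -> bool:
    """Buggy check kept for contrast: lexicographic string comparison."""
    return adv.introduced <= version < adv.fixed


def scan(lockfile: dict, advisories: list, matcher) -> list:
    """Return the (package, version) pairs that `matcher` flags, sorted for
    stable output. `lockfile` maps package name to installed version."""
    return sorted(
        (name, ver)
        for name, ver in lockfile.items()
        for adv in advisories
        if adv.package == name and matcher(ver, adv)
    )


# Constructed sample data for this example; these are not real packages
# or real advisories.
LOCKFILE = {
    "alpha-lib": "1.26.10",   # newer than the fix: must NOT be flagged
    "beta-tool": "1.9",       # older than the fix 1.10: MUST be flagged
    "gamma-core": "3.0.0rc1", # release candidate before the 3.0.0 fix: MUST be flagged
}

ADVISORIES = [
    Advisory("alpha-lib", introduced="1.0.0", fixed="1.26.5"),
    Advisory("beta-tool", introduced="1.0", fixed="1.10"),
    Advisory("gamma-core", introduced="2.0.0", fixed="3.0.0"),
]


if __name__ == "__main__":
    for label, matcher in (("naive string compare", affected_naive),
                           ("numeric compare", affected_numeric)):
        print(f"{label}: {scan(LOCKFILE, ADVISORIES, matcher)}")
```

Running the block shows the two failure modes side by side: the string comparison flags `alpha-lib 1.26.10` because `"1.26.10" < "1.26.5"` as text (a false positive of the kind a scanner user reports), while it misses `beta-tool 1.9` and `gamma-core 3.0.0rc1` (false negatives). The numeric comparison gets all three right. Whatever the actual root cause behind #281 was, this is the check to review first when a scanner flags a version that is newer than the advertised fix.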