OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Similar to https://github.com/CycloneDX/cdxgen/issues/1048
We can update to 9.4-minimal and make the changes shown in the diff.
cc: @aryan-rajoria