OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
We currently use forward-reachability analysis based on automatic tags by default. We could offer options to use backward-reachability analysis, or analysis based on arbitrary input and out tags.