owasp-dep-scan / dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
https://owasp.org/www-project-dep-scan/
MIT License

Risk audit improvements #313

Closed prabhu closed 2 weeks ago

prabhu commented 2 weeks ago

Based on #311 but supports more.

Detecting SLSA attestations

biome

binary blob detection for npm

sqlite3-2 sqlite3 fsevents-binary

prabhu commented 2 weeks ago

More test cases:

pkg:npm/mknod@1.1.0
pkg:npm/zmq-prebuilt@2.1.0
pkg:npm/zeromq@6.0.0-beta.19
pkg:npm/node-duckdb@0.0.79
pkg:npm/registry-js@1.3.3-patch1
pkg:npm/node-libcurl@4.0.0
pkg:npm/gpt4all@4.0.0