owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

No README found.

Languages

Python97.1%Jinja1.5%Dockerfile0.6%Nix0.5%Shell0.3%

Contributors

PR CE AR SA HE LU QU TI AL RI

Latest Release

v6.1.0January 23, 2026 + 4 more releases

MIT License

Created January 28, 2020

Updated March 9, 2026