Dependency-Check!

* 2012/10/29 Adopted Crowdin http://crowdin.net/project/owasp-zap for translations
* 2012/10/22 Started generating weekly releases https://github.com/zaproxy/zap-core-help/wiki/WeeklyReleases
* 2012/10/12 ZAP Overview tutorial video http://www.youtube.com/watch?v=eH0RBI0nmww published
* 2012/09/18 ZAP Gear Store http://www.cafepress.com/zaproxy goes live
* 2012/08/05 Version 1.4.1 https://github.com/zaproxy/zap-core-help/wiki/HelpReleases1_4_1 released
* 2012/07/08 Version 1.4.0.1 https://github.com/zaproxy/zap-core-help/wiki/HelpReleases1_4_0 downloaded over 15,000 times
* 2012/07/05 Python API https://github.com/zaproxy/zap-core-help/wiki/ApiPython released
* 2012/06/15 ZAP accepted for the OWASP Project Reboot http://owasp.org/in

Dependency-Check alternatives

  • OpenVAS

    The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.

    tags: vulnerability-scanner

  • Retire.js

    The goal of Retire.js is to help you detect use of a JavaScript library version with known vulnerabilities.

    tags: javascript security-auditing security-utilities vulnerability-scanner

  • vFeed

    The vFeed framework is an open source naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing its relationship to other standards and security references.

    tags: security-utilities cve nvd

  • victims

    The victims project provides a canonical database of known-vulnerable JAR files, along with tools to compare this database to Java applications in development, release and production environments.

    tags: java security-utilities vulnerability-scanner security-auditing cve

  • cvechecker

    The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.

    tags: vulnerability-scanner cve