OWASP Dependency-Check

Definition

OWASP Dependency-Check is an open-source tool that identifies a project's dependencies and checks whether any of them carry known, publicly disclosed vulnerabilities. It supports a range of languages and package ecosystems and can be integrated into build pipelines to automate the detection of vulnerable components. By analysing project files such as Maven POMs, npm package.json, or Python requirements.txt, it helps developers keep applications secure by flagging dependencies with known security issues so they can be updated or replaced.

Secure Settings Example

// Example configuration for OWASP Dependency-Check in a Jenkins pipeline (Groovy uses // comments)
pipeline {
    agent any
    stages {
        stage('Dependency Check') {
            steps {
                // Fail the build on any finding with a CVSS score of 7.0 or higher (High/Critical).
                // 'Dependency-Check' is the name of the tool installation configured in Jenkins.
                dependencyCheck additionalArguments: '--format XML --failOnCVSS 7',
                                odcInstallation: 'Dependency-Check'
            }
        }
    }
}

Insecure Settings Example

// Example of an insecure configuration where the CVSS threshold is too high
pipeline {
    agent any
    stages {
        stage('Dependency Check') {
            steps {
                // --failOnCVSS 10 fails the build only for findings scored exactly 10.0;
                // everything at 9.9 or below passes silently, including most Critical CVEs.
                dependencyCheck additionalArguments: '--format XML --failOnCVSS 10',
                                odcInstallation: 'Dependency-Check'
            }
        }
    }
}
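To make the threshold semantics behind the two settings concrete, here is an added Python example (not part of Dependency-Check or this page) that applies the same equal-or-higher CVSS gate to an XML report. The report layout is assumed from the tool's XML schema, the sample report is constructed, and the CVE names are placeholders.

```python
"""Apply a --failOnCVSS-style gate to a Dependency-Check XML report.

Added illustration, not part of Dependency-Check. The report layout
(analysis/dependencies/dependency/vulnerabilities/vulnerability with a
cvssV3/baseScore or cvssV2/score) is assumed from the tool's XML schema;
the report below is constructed and the CVE names are placeholders."""
import xml.etree.ElementTree as ET

# Constructed sample report: two dependencies, three findings.
SAMPLE_REPORT = """<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd">
 <dependencies>
  <dependency><fileName>example-lib-1.0.jar</fileName><vulnerabilities>
   <vulnerability source="NVD"><name>CVE-EXAMPLE-1</name><cvssV3><baseScore>9.8</baseScore></cvssV3></vulnerability>
   <vulnerability source="NVD"><name>CVE-EXAMPLE-2</name><cvssV2><score>4.3</score></cvssV2></vulnerability>
  </vulnerabilities></dependency>
  <dependency><fileName>other-lib-2.1.jar</fileName><vulnerabilities>
   <vulnerability source="NVD"><name>CVE-EXAMPLE-3</name><cvssV3><baseScore>10.0</baseScore></cvssV3></vulnerability>
  </vulnerabilities></dependency>
 </dependencies>
</analysis>"""

def findings_at_or_above(report_xml: str, threshold: float) -> list[tuple[str, str, float]]:
    """Return (fileName, vulnerability, score) for every finding whose CVSS
    score is >= threshold, the same equal-or-higher rule --failOnCVSS uses."""
    root = ET.fromstring(report_xml)
    ns = {"dc": root.tag[1:].split("}")[0]}  # namespace taken from the root tag
    hits = []
    for dep in root.iterfind("dc:dependencies/dc:dependency", ns):
        file_name = dep.findtext("dc:fileName", default="?", namespaces=ns)
        for vuln in dep.iterfind("dc:vulnerabilities/dc:vulnerability", ns):
            name = vuln.findtext("dc:name", default="?", namespaces=ns)
            # Prefer the CVSS v3 base score, fall back to v2, skip unscored entries.
            score = (vuln.findtext("dc:cvssV3/dc:baseScore", namespaces=ns)
                     or vuln.findtext("dc:cvssV2/dc:score", namespaces=ns))
            if score is not None and float(score) >= threshold:
                hits.append((file_name, name, float(score)))
    return hits

def build_should_fail(report_xml: str, threshold: float) -> bool:
    """True when at least one finding meets the threshold (non-zero exit code)."""
    return bool(findings_at_or_above(report_xml, threshold))

if __name__ == "__main__":
    # Threshold 7 catches the 9.8 and 10.0 findings; threshold 10 catches only the 10.0.
    for threshold in (7, 10):
        hits = findings_at_or_above(SAMPLE_REPORT, threshold)
        print(f"--failOnCVSS {threshold}: {len(hits)} finding(s), fail={bool(hits)}")
        for hit in hits:
            print("   ", hit)
```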