OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Updated Apr 26, 2025 - Java
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
A simple Java command-line utility to mirror the CVE JSON data from NIST.
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
A simple Java command-line utility to mirror the entire contents of VulnDB.
Damn Vulnerable SCA Application
Lucy is a component analysis platform to minimize the risk of license infringements and to support and optimize the license compliance process.
gradle pipeline