The Open Web Application Security Project (OWASP) is a non-profit organisation working to improve the security of software. OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that scans a project's dependencies for publicly disclosed vulnerabilities. It collects "evidence" from each dependency (vendor, product and version strings found in file names, manifests and package metadata) and uses that evidence to identify the dependency with a Common Platform Enumeration (CPE) identifier; the CPE is then matched against the vulnerability data the tool downloads, so it essentially acts as a mapping from what is in your project to known CVEs. The matching is heuristic: a wrong CPE produces false positives, and a library with no CPE match can be missed, so the report is worth reviewing rather than trusted blindly. In the next part I'll show you how to add a Dockerfile to run Dependency-Check on your existing project and how to use it as an automated step in your Jenkins pipeline.
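A scan result is only useful to a pipeline if it can fail the build. Below is an added example, not code from the original post or from the Dependency-Check project, of a small Python gate that reads the JSON report Dependency-Check writes with `--format JSON` and exits non-zero when any dependency carries a vulnerability at or above a CVSS threshold. The sample report embedded in it is constructed for the example; the report fields it reads (`dependencies[].fileName` and `dependencies[].vulnerabilities[].name`, `severity`, `cvssv3.baseScore`, `cvssv2.score`) are those of Dependency-Check's JSON report, and the CVE names in the sample are placeholders, not real advisories.

```python
"""Gate a CI build on an OWASP Dependency-Check JSON report.

Added example, not code from the original post or from the Dependency-Check
project. Reads the report produced by `dependency-check --format JSON` and
fails when any dependency has a vulnerability scored at or above a CVSS
threshold. Field names follow Dependency-Check's JSON report; the sample
report below is constructed and its CVE names are placeholders.
"""
import json
import sys

# Constructed sample report: one dependency with a high and a low finding,
# one with a medium finding, one clean. CVE names are placeholders only.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-lib-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0001", "severity": "HIGH",
              "cvssv3": {"baseScore": 8.1}},
             {"name": "CVE-0000-0002", "severity": "LOW",
              "cvssv2": {"score": 2.1}},
         ]},
        {"fileName": "example-util-2.3.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0003", "severity": "MEDIUM",
              "cvssv3": {"baseScore": 5.3}},
         ]},
        {"fileName": "example-clean-0.9.jar"},
    ]
})


def score_of(vuln):
    """CVSS score for one vulnerability entry, preferring v3 over v2.

    Entries without any score are treated as 0.0 so they never trip the gate
    silently; they still appear in the report for manual review.
    """
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    score = v3.get("baseScore")
    if score is None:
        score = v2.get("score")
    return float(score) if score is not None else 0.0


def findings_above(report_text, threshold):
    """Return [(fileName, cve, score)] for every finding with score >= threshold,
    highest score first."""
    report = json.loads(report_text)
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            s = score_of(vuln)
            if s >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), s))
    hits.sort(key=lambda h: h[2], reverse=True)
    return hits


def build_should_fail(report_text, threshold=7.0):
    """True when at least one finding meets the threshold."""
    return bool(findings_above(report_text, threshold))


def main(argv):
    # usage: dc_gate.py [report.json] [cvss_threshold]; no path = sample report
    path = argv[1] if len(argv) > 1 else None
    threshold = float(argv[2]) if len(argv) > 2 else 7.0
    text = open(path, encoding="utf-8").read() if path else SAMPLE_REPORT
    hits = findings_above(text, threshold)
    for file_name, cve, score in hits:
        print(f"{score:4.1f} {cve} in {file_name}")
    if hits:
        print(f"FAIL: {len(hits)} finding(s) at CVSS >= {threshold}")
        return 1
    print(f"PASS: no findings at CVSS >= {threshold}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a Jenkins step after the scan (`python3 dc_gate.py reports/dependency-check-report.json 7.0`); a non-zero exit fails the stage. For the simplest policy the CLI's own `--failOnCVSS` option does the same without a script; parsing the report yourself is what lets you print the offending findings into the console log or apply a policy the flag does not express.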