Dependency-Check – Utility to detect publicly disclosed vulnerabilities in project dependencies

Any new application should be reviewed and verified against security issues. some application use third parties or libraries and this will take some time to manually review the source code and review online information. Dependency-Check is a tool that you can use for automating the verification of all components you use with your application.
Dependency-Check is an open source utility that will help to find publicly disclosed vulnerabilities related to software applications and third parties to have the list of CVE entries. normally developers are going to be advised by the security team to make and apply the update to fix the security issues within the report. the current version support Java and .NET dependencies.
Depndency checkDependencyCheck with Jenkins plugin

Dependency-check can be used in the following forms:

  • Command Line Tool
  • Maven Plugin
  • Ant Task
  • Jenkins Plugin

This tool can be a good addition to your secure SDLC project and it may be used to see the freshness of your third parties or vulnerabilities by priority .

You can find more information over this link:

Notify of
Inline Feedbacks
View all comments