[Owasp-leaders] OWASP dependency-check 1.2.5 released

Jeremy Long jeremy.long at owasp.org
Wed Sep 17 10:27:45 UTC 2014


All,

The dependency-check team is pleased to announce the release of version
1.2.5 <http://jeremylong.github.io/DependencyCheck/>! The release notes can
be found on dependency-check's Google group
<https://groups.google.com/forum/#!topic/dependency-check/vU1fUU8gMr0>.

OWASP dependency-check is a utility to assist in solving the OWASP Top 10
2013 entry: A9 - Using Components with Known Vulnerabilities
<https://www.owasp.org/index.php/Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities>.
At its core, dependency-check is a utility to inventory, identify, and
monitor Java and .NET project dependencies (aka 3rd party libraries) and
report on any CVEs that affect the project dependency. There is a Command
Line Interface
<http://jeremylong.github.io/DependencyCheck/dependency-check-cli/index.html>,
Maven Plugin
<http://jeremylong.github.io/DependencyCheck/dependency-check-maven/usage.html>,
Ant Task
<http://jeremylong.github.io/DependencyCheck/dependency-check-ant/installation.html>,
and a Jenkins Plugin
<https://wiki.jenkins-ci.org/display/JENKINS/OWASP+Dependency-Check+Plugin>.
Note: with regard to .NET assemblies, the false positive rate may still be
a bit high, and we hope to work on this in the next release.

If anyone is checking out the tool for the first time, there are a couple of
very important documents that discuss how the tool works that I would
highly recommend reading:

* How does dependency-check work
<http://jeremylong.github.io/DependencyCheck/internals.html>
* How to read the report
<http://jeremylong.github.io/DependencyCheck/thereport.html>

Feedback, questions
<https://groups.google.com/forum/#!forum/dependency-check>, and bug reports
<https://github.com/jeremylong/DependencyCheck/issues?q=is%3Aopen> are
always welcome! We hope you find the tool useful.

Regards,

the dependency-check team