[Owasp-leaders] OWASP dependency-check 1.2.5 released

Jeremy Long jeremy.long at owasp.org
Wed Sep 17 10:27:45 UTC 2014


The dependency-check team is pleased to announce the release of version
1.2.5 <http://jeremylong.github.io/DependencyCheck/>! The release notes can
be found on dependency-check's Google group.

OWASP dependency-check is a utility to assist in solving the OWASP Top 10
2013 entry: A9 - Using Components with Known Vulnerabilities.
At its core, dependency-check is a utility to inventory, identify, and
monitor Java and .NET project dependencies (aka 3rd party libraries) and
report on any CVEs that affect the project dependency. There is a:

* Command Line Interface
* Maven Plugin
* Ant Task
* and a Jenkins Plugin

Note, with regards to .NET assemblies the false positive rate may still be
a bit high and we hope to work on this in the next release.

If anyone is checking out the tool for the first time there are a couple of
very important documents that discuss how the tool works that I would
highly recommend reading:

* How does dependency-check work
* How to read the report

Feedback, questions
<https://groups.google.com/forum/#!forum/dependency-check>, and bug reports
<https://github.com/jeremylong/DependencyCheck/issues?q=is%3Aopen> are
always welcome! We hope you find the tool useful.


the dependency-check team