

Detect known vulnerabilities in project dependencies automatically.
Dependency-Check scans project libraries, maps them to CPE identifiers, and reports associated CVEs, helping teams identify and remediate known security flaws across multiple ecosystems.

Dependency-Check is a Software Composition Analysis tool that examines a project's dependencies, resolves them to Common Platform Enumeration (CPE) identifiers, and generates reports linking to known CVE entries. It supports a wide range of ecosystems by leveraging external tools such as dotnet, go, npm, yarn, pnpm, and bundle-audit.

The scanner runs on Java 11+ and can be invoked via a command-line interface, Maven, Gradle, Ant, or the Jenkins plugin, making it suitable for local development and CI/CD pipelines. Access to the NVD API (recommended with an API key) provides up-to-date vulnerability data, while a local H2 database caches results to reduce repeated network calls. Users must ensure internet connectivity and appropriate build-tool installations for the languages they target.
CI Build Validation
Builds automatically fail when newly discovered CVEs are found in dependencies.
Legacy Application Audit
Generate a detailed report of outdated libraries and associated vulnerabilities for remediation planning.
Automated Dependency Updates
Identify vulnerable components and prioritize version upgrades across the codebase.
Compliance Reporting
Produce an inventory of CVEs for regulatory audits and security certifications.
An API key is highly recommended; without it updates are extremely slow and may hit rate limits.
Java 11 or newer is mandatory for Dependency-Check 11.0.0 and later.
Scanning Docker images is not natively supported; you would need to extract the filesystem and scan the contained libraries.
Use a shared local cache, stagger builds, or obtain multiple API keys for parallel pipelines.
No built‑in GUI; interaction is through the CLI or integration plugins.