OWASP Dependency Check is an open-source tool that detects known vulnerabilities in project dependencies. It cross-checks each dependency against the National Vulnerability Database (NVD) and reports the known vulnerabilities it finds together with their severity scores.
I was inspired to contribute to this project after attending an OWASP conference in 2015. My contributions include:
All resulted in making it easier to integrate into a CI/CD pipeline and thus promoting adoption, leading to greater awareness of vulnerabilities and more secure solutions. Often a dependency upgrade mitigated a serious threat.
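As an added example (not the project's own code) of the CI/CD gate described above: a script that reads a Dependency Check JSON report and fails the build when any finding meets a CVSS threshold. The report layout used here (`dependencies[].vulnerabilities[]` with `cvssv3.baseScore` or `cvssv2.score`) and the sample report are assumptions constructed for the example.

```python
"""Gate a CI build on an OWASP Dependency Check JSON report.

Assumption: each entry in report["dependencies"] may carry a
"vulnerabilities" list whose items hold cvssv3.baseScore and/or
cvssv2.score. The sample report below is constructed, not scan output.
"""
import json
from typing import Dict, List


def vulnerability_score(vuln: Dict) -> float:
    """Prefer the CVSS v3 base score, fall back to CVSS v2, else 0.0."""
    v3 = vuln.get("cvssv3") or {}
    if "baseScore" in v3:
        return float(v3["baseScore"])
    v2 = vuln.get("cvssv2") or {}
    if "score" in v2:
        return float(v2["score"])
    return 0.0


def findings_over_threshold(report: Dict, fail_on_cvss: float) -> List[Dict]:
    """One record per (dependency, CVE) whose score meets the threshold, highest first."""
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            score = vulnerability_score(vuln)
            if score >= fail_on_cvss:
                hits.append({"file": dep.get("fileName"), "cve": vuln.get("name"), "score": score})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


def gate(report_json: str, fail_on_cvss: float = 7.0) -> int:
    """Return a process exit code: 0 = pipeline may proceed, 1 = block it."""
    hits = findings_over_threshold(json.loads(report_json), fail_on_cvss)
    for h in hits:
        print(f"BLOCK {h['file']}: {h['cve']} CVSS {h['score']:.1f}")
    return 1 if hits else 0


# Constructed sample report; the CVE ids are placeholders, not real entries.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {"fileName": "example-lib-1.0.jar",
         "vulnerabilities": [
             {"name": "CVE-0000-0001", "severity": "CRITICAL", "cvssv3": {"baseScore": 9.8}},
             {"name": "CVE-0000-0002", "severity": "MEDIUM", "cvssv2": {"score": 4.3}}]},
        {"fileName": "clean-lib-2.1.jar"},
    ]
})

if __name__ == "__main__":
    raise SystemExit(gate(SAMPLE_REPORT))
```

In a real pipeline the report comes from `dependency-check --format JSON`, and the exit code decides whether the job continues.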
Project link: https://jeremylong.github.io/DependencyCheck/