OWASP Dependency Check

OWASP Dependency Check is an open source tool that detects known vulnerabilities in a project's dependencies. It cross-checks each dependency against the National Vulnerability Database (NVD) and reports the known vulnerabilities it finds, together with their severity scores.

I was inspired to contribute to this project after attending an OWASP conference in 2015. My contributions include:

  • instrumented code to identify how long certain steps were taking ⌚
  • optimized code so that it would run faster 🚀
  • added features to avoid costly, redundant downloads of the National Vulnerability Database, saving several minutes during builds

All of these made the tool easier to integrate into a CI/CD pipeline, which promoted adoption and led to greater awareness of vulnerabilities and more secure solutions. Often a dependency upgrade mitigated a serious threat.

Project link: https://jeremylong.github.io/DependencyCheck/
