OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.3.3...v5.3.4
Bump up cdxgen to 10.4.1
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.3.2...v5.3.3
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.3.1...v5.3.2
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.3.0...v5.3.1
From this release on, deprecated packages are always flagged by the risk audit regardless of their score. For PyPI, we look for a couple of strings in the package description, since not every vendor follows the procedure to yank packages correctly.
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.2.15...v5.3.0
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.2.14...v5.2.15
Update cdxgen to bring dotnet packages.lock.json fix
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.2.13...v5.2.14
Fix cdxgen version in container image to 10.2.5
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.2.12...v5.2.13
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.2.11...v5.2.12
Full Changelog: https://github.com/owasp-dep-scan/dep-scan/compare/v5.2.10...v5.2.11