OWASP dependency checker
Alexander Tereschenko
aleksandr.v.tereschenko at linux.intel.com
Thu Apr 30 03:17:50 AEST 2020
On 28-Apr-20 17:12, Joseph Reynolds wrote:
> Does anyone have experience with OWASP's Dependency Checker? Is using
> something like this worthwhile to improve web application security?
I don't have any first-hand experience. The idea is interesting, but
looking at the project's docs and issues list, it looks like it doesn't
really support C/C++ [1], so probably it's not going to be useful for
OpenBMC?

In OpenBMC's project context I think it also overlaps somewhat with that
cve-check Yocto class we discussed a couple of times at Security WG
meetings, though if it supported C/C++, I think it could still be useful.
[1] https://github.com/jeremylong/DependencyCheck/issues/281