OWASP dependency checker

Alexander Tereschenko aleksandr.v.tereschenko at linux.intel.com
Thu Apr 30 03:17:50 AEST 2020


On 28-Apr-20 17:12, Joseph Reynolds wrote:
> Does anyone have experience with OWASP's Dependency Checker?  Is using 
> something like this worthwhile to improve web application security?

I don't have any first-hand experience. The idea is interesting, but 
looking at the project's docs and issues list, it looks like it doesn't 
really support C/C++ [1], so probably it's not going to be useful for 
OpenBMC?

In OpenBMC's project context I think it also overlaps somewhat with that 
cve-check Yocto class we discussed a couple of times at Security WG 
meetings, though if it supported C/C++, I think it could still be useful.

[1] https://github.com/jeremylong/DependencyCheck/issues/281


