From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline

OWASP Dependency Check in practice

- [Instructor] Let's take a look at OWASP Dependency Check. This is a software composition analysis tool. It determines what an application is composed of, not just the code you wrote, but all the libraries and dependencies that make up the application. The tool is evidence-based, which means it evaluates software and looks at dependencies, and evaluates the file name, manifest, project object model, package names, and more. In OWASP Dependency Check, this is all cataloged as evidence. Evidence found by the tool is then grouped into collections, by vendor, product, and version. Next, OWASP Dependency Check compares what it finds to the National Vulnerability Database, which is maintained by nist.gov. It uses a Lucene index and fuzzy matching to determine if the evidence it found matches against the NVD. There are a lot of options to get started with OWASP Dependency Check, but we're going to use it on the command line to get a feel for how it works. To install the command line or CLI…
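The evidence-based matching the instructor describes (collect evidence from the manifest and file names, group it by vendor, product and version, then fuzzy-match it against the NVD) is easy to misunderstand until you see the three stages separated. The following is an added example written for this page, not code from the course or from the OWASP Dependency Check project: it models those stages in miniature with Python's `difflib` standing in for the Lucene fuzzy matcher. The POM fragment, the jar file names and the tiny "NVD" catalog are all constructed sample data, and the CVE identifiers in it are placeholders, not real advisories.

```python
"""Toy model of evidence-based software composition analysis (added example, not OWASP code)."""
import difflib
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample: a fragment of a Maven project object model for a hypothetical project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-collections4</artifactId>
      <version>4.0</version>
    </dependency>
    <dependency>
      <groupId>com.example</groupId>
      <artifactId>internal-utils</artifactId>
      <version>1.2.3</version>
    </dependency>
  </dependencies>
</project>"""

# Constructed sample: jar file names found on the build's classpath (hypothetical).
SAMPLE_JARS = ["commons-collections4-4.0.jar", "internal-utils-1.2.3.jar"]

# Constructed stand-in for a local NVD mirror. The CVE ids are placeholders, not real entries.
SAMPLE_NVD = [
    {"cve": "CVE-XXXX-PLACEHOLDER-1", "vendor": "apache",
     "product": "commons_collections", "affected": ["3.2.1", "4.0"]},
    {"cve": "CVE-XXXX-PLACEHOLDER-2", "vendor": "example",
     "product": "other_lib", "affected": ["1.2.3"]},
]

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
JAR_RE = re.compile(r"^(?P<product>.+?)-(?P<version>\d[\w.]*)\.jar$")


@dataclass
class Dependency:
    """One scanned artifact with its evidence grouped by vendor, product and version."""
    name: str
    evidence: dict = field(
        default_factory=lambda: {"vendor": set(), "product": set(), "version": set()})


def collect_evidence(pom_xml, jar_names):
    """Stage 1 and 2: gather evidence from the POM and jar names, grouped per dependency."""
    deps = {}
    root = ET.fromstring(pom_xml)
    for d in root.findall(".//m:dependency", NS):
        group = d.find("m:groupId", NS).text
        artifact = d.find("m:artifactId", NS).text
        version = d.find("m:version", NS).text
        dep = deps.setdefault(artifact, Dependency(artifact))
        dep.evidence["vendor"].update(group.split("."))   # each groupId segment is vendor evidence
        dep.evidence["product"].add(artifact)
        dep.evidence["version"].add(version)
    for jar in jar_names:
        m = JAR_RE.match(jar)
        if m:  # the file name itself is evidence for product and version
            dep = deps.setdefault(m["product"], Dependency(m["product"]))
            dep.evidence["product"].add(m["product"])
            dep.evidence["version"].add(m["version"])
    return list(deps.values())


def normalize(token):
    """Canonical form used before comparison (lowercase, non-alphanumerics become '_')."""
    return re.sub(r"[^a-z0-9]", "_", token.lower()).strip("_")


def fuzzy_equal(a, b, threshold=0.8):
    """Approximate string match; difflib stands in for the Lucene index used by the real tool."""
    return difflib.SequenceMatcher(None, normalize(a), normalize(b)).ratio() >= threshold


def match_nvd(dep, nvd):
    """Stage 3: return CVE ids whose vendor and product fuzzily match the evidence
    and whose affected-version list contains a version we observed."""
    hits = []
    for entry in nvd:
        vendor_ok = any(fuzzy_equal(v, entry["vendor"]) for v in dep.evidence["vendor"])
        product_ok = any(fuzzy_equal(p, entry["product"]) for p in dep.evidence["product"])
        version_ok = any(v in entry["affected"] for v in dep.evidence["version"])
        if vendor_ok and product_ok and version_ok:
            hits.append(entry["cve"])
    return hits


def scan(pom_xml=SAMPLE_POM, jar_names=SAMPLE_JARS, nvd=SAMPLE_NVD):
    """Run the whole pipeline and map each dependency name to its matched CVE ids."""
    return {dep.name: match_nvd(dep, nvd) for dep in collect_evidence(pom_xml, jar_names)}


if __name__ == "__main__":
    for name, cves in scan().items():
        print(name, "->", cves or "no match")
```

The point to notice is why fuzzy matching is needed at all: the artifact id `commons-collections4` and the catalog's product name `commons_collections` are never byte-for-byte equal, so an exact lookup would miss the match, while `internal-utils` shares a vendor token with a catalog entry but fails on product and is correctly left unmatched. That same looseness is also the source of the false positives a practitioner has to triage when running the real tool, which is why its suppression files exist.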