Dependency Checker

What is it?

A dependency checker is a tool that attempts to detect when the third-party dependencies (libraries, frameworks, etc.) used in your application have updates available because of publicly disclosed security vulnerabilities.
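How such a check works, as an added example that is not taken from this project or from any particular tool: exact pins in a manifest are matched against advisory version ranges. The package names, advisory IDs and feed layout are constructed for illustration, and versions are assumed to be plain dotted integers.

```python
import re

# Constructed advisory feed: hypothetical packages and placeholder IDs.
# A version v is affected when introduced <= v < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "EXAMPLE-0002", "package": "examplelib", "introduced": "2.0.0", "fixed": "2.0.10"},
    {"id": "EXAMPLE-0003", "package": "sample-http", "introduced": "0", "fixed": "3.1.0"},
]
# Constructed manifest in requirements.txt style.
MANIFEST = "ExampleLib==2.0.9  # pinned\nsample_http==3.1.0\nloose-pkg>=1.0\n"
PIN = re.compile(r"([A-Za-z0-9._-]+)==(\d+(?:\.\d+)*)")

def parse_version(text):
    """'2.0.10' -> (2, 0, 10); trailing '.0' parts are dropped so 3.1 == 3.1.0."""
    return tuple(int(part) for part in re.sub(r"(\.0+)+$", "", text).split("."))

def normalize(name):
    """Compare names case-insensitively, treating runs of - _ . as one dash."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_manifest(text):
    """Return ({name: version} for exact pins, [entries that are not exact pins])."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        match = PIN.fullmatch(line)
        if match:
            pinned[normalize(match.group(1))] = match.group(2)
        elif line:
            unpinned.append(line)  # no resolved version, so it cannot be checked
    return pinned, unpinned

def check(manifest, advisories):
    """Return (findings, unpinned); a finding is (package, installed, id, fixed)."""
    pinned, unpinned = parse_manifest(manifest)
    findings = []
    for adv in advisories:
        installed = pinned.get(normalize(adv["package"]))
        low, high = parse_version(adv["introduced"]), parse_version(adv["fixed"])
        if installed and low <= parse_version(installed) < high:
            findings.append((adv["package"], installed, adv["id"], adv["fixed"]))
    return findings, unpinned

if __name__ == "__main__":
    findings, unpinned = check(MANIFEST, ADVISORIES)
    print(findings)
    print("not checked:", unpinned)
```

The unpinned list matters as much as the findings: an entry without a resolved version is silently outside the check unless the tool reports it.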

Why is it needed?

  • Third-party components make up as much as 90% of many applications.
  • Applications often inadvertently introduce vulnerabilities by failing to update components in a timely manner or by pulling in outdated components with vulnerabilities.

When should I use this?

All the time.

Using components with known vulnerabilities is a widespread and serious problem in application development. It can leave your app with vulnerabilities that are easy to find by scanning. Recommended tools for a variety of languages are provided elsewhere in this project:

Tools

Further reading