...
- RetireJS – exclusively for JavaScript
- FindBugs with the Find Security Bugs plugin – IDE plugin; support for Eclipse, Maven, Jenkins, SonarQube
- Sonatype – Nexus Firewall for scanning new and existing components
Learn More:
- OWASP Dependency Check (for Java libraries)
- OWASP SafeNuGet (for .NET libraries)
- OWASP Good Component Practices Project
- The Unfortunate Reality of Insecure Libraries
- Open Source Software Security
- Addressing Security Concerns in Open Source Components
- MITRE Common Vulnerabilities and Exposures
- Example Mass Assignment Vulnerability that was fixed in ActiveRecord, a Ruby on Rails gem