OWASP Dependency-Check
OWASP Dependency-Check is an open-source software composition analysis (SCA) tool that identifies known security vulnerabilities in project dependencies. It analyzes manifest files such as pom.xml, package.json, and requirements.txt, then cross-references the components it finds against the National Vulnerability Database (NVD) and other sources, including NPM Audit, OSS Index, and RetireJS, to detect vulnerable libraries. The tool integrates into development workflows through a command-line interface; Maven, Gradle, and Ant plugins; and CI/CD platforms including Jenkins, GitHub Actions, and Azure DevOps. This provides automated vulnerability detection with detailed, severity-rated reports that enable developers to address security risks in third-party components throughout the software development lifecycle.
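
A CI gate over the severity-rated report described above, as an added example that is not part of the original page or of the Dependency-Check project. It assumes the tool's JSON report layout (`dependencies[].vulnerabilities[]` with `cvssv3.baseScore`, `cvssv2.score` and `severity`); the sample report, component names and identifiers are constructed, and the label-to-score fallback table is this example's own choice.

```python
import json

# Constructed sample in the shape of a Dependency-Check JSON report
# (assumed layout: dependencies[].vulnerabilities[] with cvssv3/cvssv2 scores).
SAMPLE_REPORT = json.dumps({"dependencies": [
    {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
        {"source": "NVD", "name": "CVE-EXAMPLE-0001", "severity": "CRITICAL",
         "cvssv3": {"baseScore": 9.8}},
        {"source": "NVD", "name": "CVE-EXAMPLE-0002", "severity": "MEDIUM",
         "cvssv2": {"score": 5.0}}]},
    {"fileName": "example-pkg:2.3.1", "vulnerabilities": [
        {"source": "OSSINDEX", "name": "EXAMPLE-ADVISORY-1", "severity": "high"}]},
    {"fileName": "clean-lib-4.2.jar"},  # dependency with no findings
]})

# Fallback scores for findings that carry only a severity label (example's choice).
LABEL_FLOOR = {"CRITICAL": 9.0, "HIGH": 7.0, "MEDIUM": 4.0, "MODERATE": 4.0, "LOW": 0.1}

def score_of(vuln):
    """Prefer the CVSS v3 base score, then v2, then the severity label."""
    v3 = (vuln.get("cvssv3") or {}).get("baseScore")
    if v3 is not None:
        return float(v3)
    v2 = (vuln.get("cvssv2") or {}).get("score")
    if v2 is not None:
        return float(v2)
    # Unknown or missing labels score 10.0 so the gate fails closed.
    return LABEL_FLOOR.get(str(vuln.get("severity", "")).upper(), 10.0)

def findings_at_or_above(report_text, threshold):
    """Return (component, vulnerability id, score) tuples, highest score first."""
    report = json.loads(report_text)
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            s = score_of(vuln)
            if s >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), s))
    return sorted(hits, key=lambda h: -h[2])

def gate(report_text, threshold=7.0):
    """Return a process exit code: 1 if any finding meets the threshold."""
    return 1 if findings_at_or_above(report_text, threshold) else 0

if __name__ == "__main__":
    for name, vid, s in findings_at_or_above(SAMPLE_REPORT, 7.0):
        print(f"{s:4.1f}  {vid}  {name}")
    raise SystemExit(gate(SAMPLE_REPORT))
```

Findings from sources that supply only a severity label are mapped to the floor of that band, so a "high" advisory without a CVSS vector still trips a 7.0 threshold.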