LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. Get started in one-click via our GitHub App or host it yourself. https://github.com/apps/lunatrace-by-lunasec/
Currently, NVD_START_YEAR is configurable with a default value of 2018. The tool should recommend a start year based on the oldest CVE found. If a CVE belonging to the year 2018 is found then the scan should recommend a re-scan with start year of 2017 (Previous year)
emerge is a source code analysis tool and dependency visualizer that can be used to gather insights about source code structure, metrics, dependencies and complexity of software projects. After scanning the source code of a project it provides you an interactive web interface to explore and analyze your project by using graph structures.
NsDepCop is a static code analysis tool that helps to enforce namespace dependency rules in C# projects. No more unplanned or unnoticed dependencies in your system.
In some cases, we assume the name of a library/application is the name of the repository in which the file resides. This works for many projects where you might use a repository per library or application but doesn't work as well for mono-repositories where files may be scattered across subdirectories. One simple way to handle this would be to pass along the file path in addition to the URL to the
Basic Primitives Diagrams for JavaScript - data visualization components library that implements organizational chart and multi-parent dependency diagrams, contains implementations of JavaScript Controls and PDF rendering plugins.
Currently,
NVD_START_YEARis configurable with a default value of 2018. The tool should recommend a start year based on the oldest CVE found. If a CVE belonging to the year 2018 is found then the scan should recommend a re-scan with start year of 2017 (Previous year)This can be implemented in the analysis module.