Vulnerability assessment of third party vendor libraries - closed source


sarma....@gmail.com

May 23, 2017, 7:18:05 AM
to Dependency Check
Hi folks
Is the Dependency Check tool restricted just to open source libraries, or does it scan for vulnerabilities in any of the third-party libraries that are not open source? If it doesn't support closed source libraries, is there any way to make it work with such libraries?

Jeremy Long

May 23, 2017, 8:39:52 AM
to sarma....@gmail.com, Dependency Check
Short answer - yes, for supported technologies OWASP dependency-check will identify vulnerabilities in commercial and FOSS libraries. However, please read about How dependency-check works.

--Jeremy

On Tue, May 23, 2017 at 7:18 AM, <sarma....@gmail.com> wrote:
Hi folks
Is the Dependency Check tool restricted just to open source libraries, or does it scan for vulnerabilities in any of the third-party libraries that are not open source? If it doesn't support closed source libraries, is there any way to make it work with such libraries?
