Dependency-Check is an open-source software composition analysis utility that identifies project dependencies and checks whether they have any known, publicly disclosed vulnerabilities. Java and .NET are currently supported; experimental support has been added for Ruby, Node.js, and Python, along with limited support for C/C++ build systems.
SD Elements uses the results from OWASP Dependency-Check, which identify vulnerable components or dependencies in use, to automatically mark the verification status of its security requirements. This tool integration can also support enabling our new Process Task Automation (PTA) feature, an event-action framework that automatically transitions SD Elements process tasks to ‘Complete’ when triggering events occur within SD Elements and certain predefined criteria are met.