OWASP Depscan - Next-Generation SCA

When to Use Depscan

Ideal scenarios:

• Advanced Software Composition Analysis (SCA)
• Vulnerability Disclosure Report (VDR) generation
• SBOM (Software Bill of Materials) creation and analysis
• CSAF 2.0 VEX (Vulnerability Exploitability eXchange) documents
• License compliance auditing
• Risk assessment and scoring
• Supply chain security analysis
• Multi-format vulnerability reporting

Complements other tools:

• More comprehensive than OSV-Scanner for SCA needs
• Use with CDXGen for enhanced SBOM generation