# Getting Started (Development)

OWASP dep-scan is under very active development by AppThreat and the OWASP community. This guide explains how to set up a development environment and contribute, for developers of all experience levels.
## Setting up the Development Environment

Here are the steps to download and run dep-scan from source.

dep-scan relies on the CycloneDX cdxgen project to generate SBOMs, so cdxgen must be installed first:

```bash
npm install -g @cyclonedx/cdxgen
```

cdxgen calls out to the package managers used by your project, so install those on your system as well; otherwise cdxgen cannot resolve the dependencies it needs to produce a complete SBOM.

While using cdxgen it is a good idea to `export CDXGEN_DEBUG_MODE=debug`: the debug output shows which package managers cdxgen could not find, so you can install any you are missing before running a scan.
- Clone the owasp-dep-scan/dep-scan project repository:

  ```bash
  git clone https://github.com/owasp-dep-scan/dep-scan
  cd dep-scan
  ```

- Set up uv by following the official documentation, then install the dependencies and run the tests:

  ```bash
  uv sync --all-extras --all-packages --dev
  uv run depscan --help
  uv run pytest
  ```
### Local VDB setup

```bash
vdb --clean
vdb --download-image
# To scan containers and OS images
# vdb --download-full-image
```

### Scan local depscan

```bash
uv run depscan --config .config/depscan-dev.toml
```

This automatically uses the configuration specified in the local config file.
## devenv setup

Install devenv by following the official instructions, then enter the shell and run the tests:

```bash
devenv shell
uv sync --all-extras --all-packages --dev
uv run pytest
```
### vdb tasks

```bash
devenv tasks run vdb:clean
devenv tasks run vdb:download-image
# devenv tasks run vdb:download-full-image
```

### Language-specific profile

```bash
# Ruby environment
devenv --option config.profile:string ruby shell
# dotnet environment
devenv --option config.profile:string dotnet shell
# android environment
devenv --option config.profile:string android shell
# flutter environment
devenv --option config.profile:string flutter shell
```
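The package-manager prerequisite described in the cdxgen section and the per-language profiles above suggest a pre-flight check before each dev scan. The script below is an added example, not part of the dep-scan project; the `tools_for_profile` mapping from profile name to package managers is an assumption for illustration.

```sh
#!/bin/sh
# Pre-flight check for a local dep-scan development scan (added example, not project code).
# cdxgen only produces a complete SBOM when the package managers of the scanned
# project are installed, so we verify them before invoking depscan.

# check_tools NAME... : prints one "missing: NAME" line per absent tool,
# returns 0 if everything is present and 1 otherwise.
check_tools() {
    missing=0
    for tool in "$@"; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing: $tool"
            missing=1
        fi
    done
    return "$missing"
}

# tools_for_profile PROFILE : maps a devenv profile name from this page to the
# package managers cdxgen needs for it. This mapping is an assumption for illustration.
tools_for_profile() {
    case "$1" in
        ruby)    echo "ruby bundle" ;;
        dotnet)  echo "dotnet" ;;
        android) echo "java gradle" ;;
        flutter) echo "flutter dart" ;;
        *)       echo "" ;;
    esac
}

# run_dev_scan PROFILE : with all prerequisites present, run the dev-config scan
# with cdxgen debug output enabled so any remaining tool problems show up in the log.
run_dev_scan() {
    # shellcheck disable=SC2046  # word-splitting the tool list is intended
    check_tools node cdxgen uv vdb $(tools_for_profile "$1") || {
        echo "install the tools listed above, then re-run" >&2
        return 1
    }
    CDXGEN_DEBUG_MODE=debug uv run depscan --config .config/depscan-dev.toml
}

# Only run a scan when invoked directly with a profile argument, e.g. `sh preflight.sh ruby`.
if [ -n "${1:-}" ]; then
    run_dev_scan "$1"
fi
```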