DEV Community

Cover image for OWASP Dependency Check in Node js 🛡️
Ali nazari
Ali nazari

Posted on

OWASP Dependency Check in Node js 🛡️

We use dependencies in all our software projects.
However, sometimes the dependencies can introduce various vulnerabilities to our software. 💉

Therefore, we need to check for security issues before adding or updating any dependencies in our project.

OWASP Dependency Check is a tool that analyzes dependencies and checks for known issues.
You can access it through the following link:
https://owasp.org/www-project-dependency-check

Once you reach this page, click on the “Command Line” link to download the script used for analyzing our dependencies.

After downloading the file, extract the zip file and locate the ‘bin’ directory.

Inside the bin directory, you will find a file named dependency-check.sh.

security meme

notice: you need to have Java runtime installed in your computer for this tool to work properly.

once you have java runtime installed, you can go ahead and run this command:

bash pathtoYourFile/dependency-check.sh --project test --scan pathToYourProject

the result you will get:

report result

To understand how to read this report, you can visit the following link:
report

The most important information you should look for includes Evidence Count and CPE Confidence. These two factors together will indicate if any dependencies have issues.

In addition, tools such as snyk or burp can be used to control the dependencies of a project.

How else can you manage the dependencies in your project ? 🧐

Top comments (0)