depscan
Community
Deep SCA & vulnerability analysis.
Author: igbuend
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill addresses the critical need for comprehensive Software Composition Analysis (SCA) by identifying vulnerabilities, managing licenses, and generating essential security documents like SBOMs and VEX.
Core Features & Use Cases
- Advanced SCA: Goes beyond basic dependency scanning to include vulnerability data, license compliance, and risk assessment.
- SBOM & VEX Generation: Creates Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) documents crucial for supply chain security and compliance.
- Use Case: A development team needs to ensure their new application is free from known vulnerabilities in its open-source dependencies and must provide an SBOM to their security team. This Skill can perform the scan, generate the SBOM, and highlight critical vulnerabilities with actionable remediation steps.
Quick Start
Run a full OWASP Depscan audit on the current project directory, generating SARIF, JSON, and HTML reports, and enabling risk auditing and license scanning.
Dependency Matrix
Required Modules
owasp-dep-scan, cdxgen, sarif-tools
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: depscan Download link: https://github.com/igbuend/grimbard/archive/main.zip#depscan Please download this .zip file, extract it, and install it in the .claude/skills/ directory.