Dependency Check


Use of vulnerable components (A9) contributes to some of the worlds largest breaches. It is unique among other types of security issues - in that vulnerabilities can suddenly arrise at any point in the software development lifecycle with or without code changes. OWASP Dependency-Check - a project created by Jeremy Long in 2012 - is a flagship OWASP project with thousands of users and many volunteers. It has grown from a single command line tool into a full suite designed to provide visibility of vulnerable components throughout the software development lifecycle.


  • An overview of the state-of-the-art of the Dependency-Check & Dependency-Track ecosystem
  • Provide sneak peak at v2.0.0
  • Demos (may the demo gods be gracious)
  • Get direct feedback on existing and in-progress features


  • Identify areas - Dependency-Check and Dependency-Track need improvement
  • Learn about complementary issues that put use of third-party components at risk
  • Learn how to contribute to the projects


  • Security practitioners
  • CI/CD/DevOps practitioners
  • Software engineers
  • QA engineers
  • Anyone responsible for the design, creation, testing, or operation of software

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions)


…add content…

Back to list of all Working Sessions and Tracks

Edit this page here