OWASP
owasp.org › www-project-dependency-check
OWASP Dependency-Check | OWASP Foundation
Dependency-Check has a command line interface, a Maven plugin, a Gradle plugin, an Ant task and a number of integrations with build tooling such as Jenkins, GitHub Actions and Azure DevOps. The core engine contains a series of analyzers that inspect the project dependencies, collect pieces of information about the dependencies (referred to as evidence within the tool).

GitHub
github.com › dependency-check › DependencyCheck
GitHub - dependency-check/DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. · GitHub
More detailed instructions can be found on the dependency-check-maven github pages. By default, the plugin is tied to the verify phase (i.e. mvn verify). Alternatively, one can directly invoke the plugin via mvn org.owasp:dependency-check-maven:check.
Starred by 7.5K users
Forked by 1.4K users
Languages: Java 96.7% | PLSQL 0.8% | Groovy 0.7% | PLpgSQL 0.6% | TSQL 0.6% | Shell 0.4%

Gradle
plugins.gradle.org › plugin › org.owasp.dependencycheck
Gradle - Plugin: org.owasp.dependencycheck
Created 11 April 2026. A software composition analysis plugin that identifies known vulnerable dependencies used by the project. ... Adding the plugin to build logic for usage in precompiled script plugins. See the relevant documentation for more information.

Jenkins
plugins.jenkins.io › dependency-check-jenkins-plugin
OWASP Dependency-Check | Jenkins plugin
2 weeks ago - This plug-in can independently execute a Dependency-Check analysis and visualize results. The plugin has three main components: a globally defined tool configuration, a builder, and a publisher.

OWASP
devguide.owasp.org › en › 05-implementation › 02-dependencies › 01-dependency-check
Dependency-Check - OWASP Developer Guide
Dependency-Check also provides plugins to check for vulnerable components for CI/CD pipelines. The OWASP Spotlight series provides an example of the risks involved in using out of date and vulnerable libraries, and how to use Dependency-Check: 'Project 2 - OWASP Dependency Check'.

Maven Repository
mvnrepository.com › artifact › org.owasp › dependency-check-maven
Maven Repository: org.owasp » dependency-check-maven
1 week ago - dependency-check-maven is a Maven Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies.

Jeremylong
jeremylong.github.io › DependencyCheck
About – dependency-check-maven
OWASP dependency-check is an open source solution to the OWASP Top 10 2021 entry: A06:2021 – Vulnerable and Outdated Components. Dependency-check can currently be used to scan software to identify the use of known vulnerable components. For a full list of supported languages/technologies ...

Dependency-check
dependency-check.github.io › DependencyCheck › dependency-check-cli › index.html
About – dependency-check-cli
OWASP dependency-check-cli is a command line tool that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the scanned project dependencies.

Baeldung
baeldung.com › home › security › check component vulnerabilities using owasp dependency-check
Check Component Vulnerabilities Using OWASP Dependency-Check | Baeldung
March 11, 2026 - Learn about OWASP Dependency-Check, a Maven plugin that can help us identify known vulnerabilities in our application

Dependency-check
dependency-check.github.io › DependencyCheck › dependency-check-gradle › index.html
Usage – dependency-check-maven
The OWASP dependency-check-gradle plugin provides monitoring of the project's dependent libraries, creating a report of known vulnerable components that are included in the build.

GitHub
github.com › jeremylong › DependencyCheck
GitHub - jeremylong/DependencyCheck: The dependency-check repository has moved: · GitHub
September 27, 2025 - The OWASP dependency-check repository has moved to https://github.com/dependency-check/DependencyCheck.
Starred by 48 users
Forked by 27 users
Languages: Java 65.6% | JavaScript 21.7% | CMake 8.3% | M4 1.3% | PLSQL 0.6% | Groovy 0.5%

Jeremylong
jeremylong.github.io › DependencyCheck › dependency-check-maven
Usage – dependency-check-maven
Create the dependency-check-report.html and use internal mirroring of CVE contents. Note, that the NVD JSON files and META files must also be mirrored; see https://nvd.nist.gov/vuln/data-feeds#JSON_FEED. <project> ... <build> ... <plugins> ... <plugin> <groupId>org.owasp</groupId> <artifactId>dependency-check-maven</artifactId> <version>12.1.0</version> <configuration> <nvdDatafeedUrl>http://internal-mirror.mycorp.com/nvdcve-{0}.json.gz</nvdDatafeedUrl> </configuration> <executions> <execution> <goals> <goal>check</goal> </goals> </execution> </executions> </plugin> ...

Visual Studio Marketplace
marketplace.visualstudio.com › items
OWASP Dependency Check - Visual Studio Marketplace
Extension for Azure DevOps - Dependency Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies.

Jeremylong
jeremylong.github.io › DependencyCheck › dependency-check-gradle › index.html
Usage – dependency-check-maven - GitHub Pages
The OWASP dependency-check-gradle plugin provides monitoring of the project's dependent libraries, creating a report of known vulnerable components that are included in the build.

Jenkins-ci
wiki.jenkins-ci.org › JENKINS › OWASP-Dependency-Check-Plugin.html
Jenkins : OWASP Dependency-Check Plugin
Persisted cross-site scripting ... in project dependencies. Dependency-Check is an open source utility that identifies project dependencies and identifies if there are any known, publicly disclosed, vulnerabilities. This tool can be part of the solution to the OWASP Top ...

Maven Central
central.sonatype.com › artifact › org.owasp › dependency-check-maven
Maven Central: org.owasp:dependency-check-maven
pkg:maven/org.owasp/dependency-check-maven@Loading... ... dependency-check-maven is a Maven Plugin that uses dependency-check-core to detect publicly disclosed vulnerabilities associated with the project's dependencies.

GitHub
github.com › dependency-check › dependency-check-gradle
GitHub - dependency-check/dependency-check-gradle: The dependency-check gradle plugin is a Software Composition Analysis (SCA) tool that allows projects to monitor dependent libraries for known, published vulnerabilities. · GitHub
The dependency-check-gradle plugin will no longer be published to Maven Central; it will continue to be published to the Gradle plugin portal. Below are the quick start instructions. Please see the documentation site for more detailed information on configuration and usage. Add the plugin to your build.gradle file: plugins { id "org.owasp.dependencycheck" version "12.2.1" } Once the Gradle plugin is applied, run the following Gradle task to check dependencies: gradle dependencyCheckAnalyze --info
Starred by 386 users
Forked by 102 users
Languages: Groovy

Mend
mend.io › blog › application security › owasp dependency check: how does it work?
OWASP Dependency Check: How It Works, Pros, and Cons
January 6, 2026 - Dependency-Check enables developers to stay on top of their open source components early in the development process with support for command-line integration. This allows seamless integration with other tools, build systems, and APIs, helping ...