The Docker security god must surely be smiling and thinking he must have done something right to have tools like Dagda that helps in performing static analysis of known vulnerabilities on Docker containers. If you did not get my “Docker security guard” analogy, I won’t blame you either. Google told me that Dagda is an important god of Irish mythology.
At work, I wanted to check if there were any vulnerabilities in the JAVA libraries that were being used. This is when I remembered of an old project – OWASP Dependency-Check. I was pleasantly surprised to see that it was still being updated and maintained by Jeremy Long.
It really did work for me and I ended up updating the few libraries that were being used in my project!
Continue reading “OWASP Dependency-Check: The Vulnerable Library Detector!”