DEV Community

sahil gupta

Vulnerability databases that we can use as part of software supply chain security

Vulnerability databases play an important role in software supply chain security. They contain information about known vulnerabilities in third-party components and libraries. By leveraging multiple vulnerability databases, we can identify potentially vulnerable third-party components used in software development and remediate those issues quickly.

Here is a list of free vulnerability databases that we can use as part of software supply chain security.

NVD (National Vulnerability Database): https://nvd.nist.gov
GitHub advisory: https://github.com/advisories
Google OSV: https://osv.dev
Snyk Vulnerability Database: https://security.snyk.io
Sonatype OSS Index: https://ossindex.sonatype.org
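
As an added illustration of checking dependencies against more than one database (not code from the original post), the sketch below merges two constructed advisory feeds, shaped like OSV-schema records, by id and alias and then matches a constructed dependency list against them. All ids, package names and versions are made up, and versions are assumed to be plain dotted integers.

```python
# Constructed sample advisories shaped like OSV-schema records; every id,
# package name and version below is made up for illustration.
def _adv(adv_id, aliases, name, introduced, fixed):
    return {"id": adv_id, "aliases": aliases, "affected": [{
        "package": {"ecosystem": "PyPI", "name": name},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": introduced}, {"fixed": fixed}]}]}]}

FEED_A = [_adv("GHSA-demo-0000-0001", ["CVE-0000-0001"], "examplelib", "0", "1.4.2")]
FEED_B = [_adv("CVE-0000-0001", [], "examplelib", "0", "1.4.2"),
          _adv("CVE-0000-0002", [], "demo-parser", "2.0.0", "2.3.0")]
DEPS = [("PyPI", "examplelib", "1.4.0"), ("PyPI", "demo-parser", "2.3.0"),
        ("PyPI", "demo-parser", "2.1.5")]

def parse_version(v):
    # Assumption: plain dotted integers; real ecosystems need their own comparator.
    return tuple(int(p) for p in v.split("."))

def is_affected(version, events):
    """Replay introduced/fixed events in version order."""
    v, affected = parse_version(version), False
    for ev in sorted(events, key=lambda e: parse_version(next(iter(e.values())))):
        if "introduced" in ev and v >= parse_version(ev["introduced"]):
            affected = True
        elif "fixed" in ev and v >= parse_version(ev["fixed"]):
            affected = False
    return affected

def merge_feeds(*feeds):
    """Group records sharing an id or alias so one flaw is reported once."""
    groups = []  # list of (set of ids, list of records)
    for rec in (r for feed in feeds for r in feed):
        ids = {rec["id"], *rec.get("aliases", [])}
        hits = [g for g in groups if g[0] & ids]
        for g in hits:
            ids |= g[0]
            groups.remove(g)
        groups.append((ids, [r for g in hits for r in g[1]] + [rec]))
    return groups

def scan(deps, *feeds):
    """Map each affected (ecosystem, name, version) to its advisory ids."""
    findings = {}
    for ids, records in merge_feeds(*feeds):
        for eco, name, version in deps:
            if any(aff["package"] == {"ecosystem": eco, "name": name}
                   and is_affected(version, rng["events"])
                   for rec in records for aff in rec["affected"]
                   for rng in aff["ranges"]):
                findings.setdefault((eco, name, version), []).append(min(ids))
    return findings
```

Here the second feed contributes an advisory the first one lacks, while the flaw both feeds describe is reported once under a single id.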

Free Learning Resources for Application Security and Penetration Testing

Learning portal for Application Security and DevSecOps Engineers. It contains well-written and in-depth articles on Software Security and DevSecOps.

blogs.appsecworld.com
