Getting Started (Development)

OWASP dep-scan is under very active development by AppThreat and the OWASP community. This is a comprehensive guide to contributing for developers of all experience levels.

Setting up the Development Environment

Here are the steps to download and run dep-scan.

note

dep-scan utilizes the CycloneDX/cdxgen project. Therefore, it is required to install it using:

npm install -g @cyclonedx/cdxgen

You must also install any package managers used by your project on your system so that cdxgen can work with them properly.

tip

While using cdxgen, it is a good idea to export CDXGEN_DEBUG_MODE=debug so that you can identify and install any package managers you might be missing for a scan.

  1. Clone the owasp-dep-scan/dep-scan project repository.
git clone https://github.com/owasp-dep-scan/dep-scan
cd dep-scan
  2. Set up and activate a Python environment of your choice. We use venv to manage our environments as an example here.
python3 -m venv venv
source venv/bin/activate
  3. Install dependencies and build dep-scan.
pip install -e .
tip

The -e flag in pip creates a local install, which means that changes made to the project can be used instantly without having to install the project again.
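
To confirm that the steps above took effect, the following check can be run from inside the activated environment. It is an added example, not part of the dep-scan project: it verifies that cdxgen is on PATH, that a virtual environment is active, and that the package is installed in editable mode according to the direct_url.json metadata that recent pip versions write (PEP 610). The distribution name owasp-depscan and the function names are assumptions; pass the name from the project's packaging metadata as the first argument if it differs.

```python
import json
import shutil
import sys
from importlib import metadata


def in_venv():
    # Inside a venv, sys.prefix points at the venv and differs from base_prefix.
    return sys.prefix != sys.base_prefix


def editable_location(direct_url_text):
    """Return the source URL if direct_url.json (PEP 610) marks an editable install."""
    if not direct_url_text:
        return None
    try:
        info = json.loads(direct_url_text)
    except json.JSONDecodeError:
        return None
    if (info.get("dir_info") or {}).get("editable") is True:
        return info.get("url")
    return None


def check_setup(dist_name, which=shutil.which):
    """Return a list of problems; an empty list means the setup looks complete."""
    problems = []
    if which("cdxgen") is None:
        problems.append("cdxgen is not on PATH; run: npm install -g @cyclonedx/cdxgen")
    if not in_venv():
        problems.append("no virtual environment is active; run: source venv/bin/activate")
    try:
        dist = metadata.distribution(dist_name)
    except metadata.PackageNotFoundError:
        problems.append(f"{dist_name} is not installed; run: pip install -e .")
    else:
        if editable_location(dist.read_text("direct_url.json")) is None:
            problems.append(f"{dist_name} is installed, but not in editable mode")
    return problems


if __name__ == "__main__":
    # "owasp-depscan" is an assumed distribution name; pass the real one as argv[1].
    name = sys.argv[1] if len(sys.argv) > 1 else "owasp-depscan"
    issues = check_setup(name)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

An exit status of 0 means all three checks passed; a non-editable result means the environment is running an installed copy, so local source changes will not be picked up.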