I was told by someone that Gemnasium is simply a wrapper for OWASP dependency Check. I am a bit confused since I do not find any information on it to back it at all.
Hi, @SC2142! Gemnasium is not a wrapper for OWASP dependency check. There are three official analyzers used to scan supported project types: gemnasium, gemnasium-python, and gemnasium-maven. These analyzers parse committed lockfiles, or execute a build tool/package manager to generate a lockfile equivalent that is parsed. The file utilized ultimately is parsed to generate the dependency list. If you’d like more information, you may view the documentation and the Gemnasium project on GitLab.