OWASP Dependency Check is a software composition analysis (SCA) tool that detects publicly disclosed vulnerabilities (CVEs) in project dependencies. It cross-references all Maven JARs against the National Vulnerability Database (NVD) and generates an HTML/JSON report.
OWASP ZAP (Zed Attack Proxy) is an open-source Dynamic Application Security Testing (DAST) tool. It acts as an automated penetration tester — it crawls the application, sends malformed and adversarial requests, and reports security vulnerabilities it finds at runtime.
The RCB platform runs a comprehensive security scan every Saturday at 02:00 UTC. This automated workflow catches newly disclosed CVEs in dependencies, verifies security headers are present, and runs a DAST scan against the staging environment.