OWASP Dependency Check
OWASP Dependency Check is a software composition analysis (SCA) tool that detects publicly disclosed vulnerabilities (CVEs) in project dependencies. It cross-references all Maven JARs against the National Vulnerability Database (NVD) and generates an HTML/JSON report.