Explore OWASP Dependency-Check, a flagship project of the OWASP Foundation, in this 29-minute conference talk presented by Jeremy Long. Dive into the world of Software Composition Analysis and learn about primary data sources, including the National Vulnerability Database (NVD) and Common Vulnerability and Exposures (CVE) list. Understand the challenges in library identification, evidence-based identification issues, and strategies for dealing with false positives. Discover how to onboard an application and various use cases for dependency-check. Gain insights into vulnerability data sources and their importance in identifying security risks in software dependencies. Learn how to contribute to this open-source project and enhance the security of your applications.