AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

GitHub Action to analyze Pull Requests for open-source supply chain issues

Golang SCA（Software Composition Analysis） 通过分析你的go.mod文件，协助你发现，Golang项目的依赖库是否存在漏洞

Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.

MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)

Python library for querying OSS Index

ThunderaBSA is a Binary Static Analysis tool

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

CLI Security Tool for SAST & SCA

The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

Modular framework for SBOM generation that gathers file information and analyzes dependencies

🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!