High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines, using AI for recommendation!
Updated Jun 8, 2026 - Go
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Hands-off supply-chain watchdog for dev machines: orchestrates multiple security scanners (Perplexity bumblebee + osv-scanner, govulncheck, NVIDIA SkillSpector) into one daily verdict — via Claude/Slack, desktop notification, or plain CLI.
Agentic AI for DevSecOps: Transforming Security with GitHub Advanced Security and GitHub Copilot. GitHub Advanced Security - DevSecOps Guidelines - Unified visibility into DevOps security posture. DevSecOps E2E Demos.
GitHub Action for security scanning utilizing Salus by Coinbase
This repo contains the technology stack and its usage for software supply chain security of a Java application
How to secure your development pipeline with static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA) using SonarQube.
Sheriff is a tool to scan repositories and generate security reports.
AI provenance across your dependency tree. 14 ecosystems. CycloneDX and SPDX integration. Private registry.
Automated security auditing CLI for AI agent code — quarantine-first workflow for repos, packages, and agent tooling
Open-source local dependency and vulnerability scanner for Java (Maven/Gradle) and JavaScript (npm) projects.
🛡 Scan GitHub repositories for dependency vulnerabilities using OSV database. Supports npm, PyPI, RubyGems, Go, and PHP.
Static code analysis of software licenses
OSS SCA scanner — SBOM + CVE + EUVD + KEV enrichment. Run ottersight scan . locally or in CI.
A 5-second morning supply-chain safety check for npm/PyPI/Docker/Go/Rust: known-malicious packages, CVEs, zero-hour deps, release-cooldown & digest pinning, plus build-manifest and AI-agent-config auto-exec checks (Shai-Hulud/Miasma). Zero-dependency CLI + Claude Code plugin.
CLI Vulnify - Scans your projects looking for vulnerabilities.
One deterministic gate for your two riskiest moments: the terraform apply that reshapes your cloud, and the dependency you're about to install.
SentinelFlow: GitHub dependency-risk scanning with policy evaluation, audit logs, and webhook delivery.
🏥🛡️ Automated NuGet vulnerability scanner & updater for .NET. Smart dependency patching with compatibility testing. Keep your packages safe & current. 🔒
Free dependency vulnerability scanner — scans full transitive tree for CVEs. Supports npm, PyPI, Maven. No signup.