High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines, using AI for recommendation!
-
Updated
Jul 15, 2026 - Go
High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines, using AI for recommendation!
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Hands-off supply-chain watchdog for dev machines: orchestrates multiple security scanners (Perplexity bumblebee + osv-scanner, govulncheck, NVIDIA SkillSpector) into one daily verdict — via Claude/Slack, desktop notification, or plain CLI.
Agentic AI for DevSecOps: Transforming Security with GitHub Advanced Security and GitHub Copilot. GitHub Advanced Security - DevSecOps Guidelines - Unified visibility into DevOps security posture. DevSecOps E2E Demos.
Github Action for security scanning utilizing Salus by Coinbase
This repo contains the technology stack and its usage for software supply chain security of a Java application
How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.
AI provenance across your dependency tree. 14 ecosystems. CycloneDX and SPDX integration. Private registry.
Sheriff is a tool to scan repositories and generate security reports.
Offline, machine-wide Python supply-chain security audit — scan every virtual environment for vulnerable & malicious packages. CVE + typosquat detection, agent/CI-ready JSON. Also a lightweight venv manager.
CalVigil is an open-source security CLI for scanning dependencies, source code, IaC, containers, binaries, licenses, and supply-chain risks with CI-friendly reports.
Stop supply chain attacks before they reach your machine or CI pipeline.
Automated security auditing CLI for AI agent code — quarantine-first workflow for repos, packages, and agent tooling
Detect supply chain attacks in Python dependencies. Catches .pth injection, encoding obfuscation, typosquatting, and compromised packages. Zero dependencies, runs in 2 seconds.
Open-source local dependency and vulnerability scanner for Java (Maven/Gradle) and JavaScript (npm) projects.
Scan any GitHub repo for security issues — risky code, exposed keys, outdated packages
🛡 Scan GitHub repositories for dependency vulnerabilities using OSV database. Supports npm, PyPI, RubyGems, Go, and PHP.
Free dependency vulnerability scanner — scans full transitive tree for CVEs. Supports npm, PyPI, Maven. No signup.
Static code analysis of software licenses
OSS SCA scanner — SBOM + CVE + EUVD + KEV enrichment. Run ottersight scan . locally or in CI.
Add a description, image, and links to the dependency-scanning topic page so that developers can more easily learn about it.
To associate your repository with the dependency-scanning topic, visit your repo's landing page and select "manage topics."