DependencycheckOWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Retire.jsscanner detecting the use of JavaScript libraries with known vulnerabilities
dependency-track-maven-pluginMaven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
OpossumUIA light-weight app to audit and inventory large codebases for open source license compliance.
dtrack-auditOWASP Dependency Track API client for intergration into CI/CD pipeline
scancode.ioScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!
lunasecLunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
vulndb-data-mirrorA simple Java command-line utility to mirror the entire contents of VulnDB.