GitPlanet
All Categories → No Category → software-composition-analysis

Top 9 software-composition-analysis open source projects

Dependencycheck
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
✭ 3,571
javajavascriptCMakeM4groovyrubysecuritybuild-toolgradle-pluginsecurity-auditvulnerability-detectionmaven-pluginjenkins-pluginant-tasksoftware-composition-analysis
Retire.js
scanner detecting the use of JavaScript libraries with known vulnerabilities
✭ 2,909
javascriptshellsecuritychrome-extensionscannerbuild-toolfirefox-extensionvulnerabilitiesgrunt-pluginssoftware-composition-analysisvulnerable-librariesinsecure-libraries
dependency-check-py
🔐 Shim to easily install OWASP dependency-check-cli into Python projects
✭ 44
pythonshellsecuritysecurity-auditdependency-analysisowaspcli-utilityvulnerability-detectionsoftware-supply-chaincve-scanningsoftware-composition-analysis
dependency-track-maven-plugin
Maven plugin that integrates with a Dependency Track server to submit dependency manifests and optionally fail execution when vulnerable dependencies are found.
✭ 28
javaXSLTowaspmaven-pluginpomcomponent-analysismaven-lifecycledevsecopssoftware-composition-analysissecurity-softwaredependency-trackbom-upload
OpossumUI
A light-weight app to audit and inventory large codebases for open source license compliance.
✭ 32
typescriptspdxpackage-dependencyremediationlicense-scancopyright-scansoftware-composition-analysiscodescanoss-compliancesoftware-bill-of-materials
dtrack-audit
OWASP Dependency Track API client for intergration into CI/CD pipeline
✭ 30
goMakefilesecuritycomponent-analysissecurity-toolssoftware-composition-analysis
scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!
✭ 66
pythonHTMLdockeropen-sourcevirtual-machinevulnerabilitieslicensespdxscascancodesoftware-composition-analysispurlpackage-urlcyclonedxfoss-compliance
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
✭ 1,261
typescriptgoCSSjavascriptSCSSPLpgSQLsecuritycontinuous-deliverydependency-analysiscybersecuritypci-dssweb-securitycompliancescanningcve-scanningtokenizationgdprsecurity-toolsdevsecopssoftware-composition-analysiszero-trustsoc2sbomscanning-toolsbom-generatorlog4shell
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
✭ 36
javashellvulndbcveappsecscasoftware-securitysoftware-composition-analysis
1-9 of 9 software-composition-analysis projects