sca

🔎 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Payments for Ruby on Rails apps

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全，具备专业的软件成分分析（SCA）、漏洞检测、专业漏洞库。

OpenSCA is a Software Composition Analysis (SCA) solution that supports detection of open source component dependencies and vulnerabilities.

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI and Google CloudBuild. No server required!

A simple Java command-line utility to mirror the CVE JSON data from NIST.

Creates CycloneDX Software Bill-of-Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI//CD pipeline with automatic submission to Dependency Track server.

prancer platform is an IaC Security engine + Continuous Compliance for your cloud (Azure, AWS, GCP) and Kubernetes environment

用于检测maven项目的第三方依赖组件是否存在安全漏洞。

A source code static analysis platform for AppSec enthusiasts.

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

A curated list of Software Component Analysis (SCA) books, courses - free and paid, videos, tools, and tutorials.

clojure deps SCA

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm.

A simple Java command-line utility to mirror the entire contents of VulnDB.

Detections for CVE-2021-44228 inside of nested binaries

Python Elliptic Curve Side-Channel Analysis toolkit.

用于检测gradle项目的第三方依赖组件是否存在安全漏洞。