🔍 ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ Google Summer of Code, nexB and others generous sponsors!

🔐 Shim to easily install OWASP dependency-check-cli into Python projects

The SCANOSS python package providing a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

Modular framework for SBOM generation that gathers file information and analyzes dependencies

MiDas: Multi-granularity Detector for Vulnerability Fixes (IEEE TSE)

Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.

AWS native Static Application Security Testing (SAST) utility to find and eradicate vulnerable software packages stored in AWS CodeArtifact. Built for both real-time distributed and centralized deployments.

CLI Security Tool for SAST & SCA

Golang SCA（Software Composition Analysis） 通过分析你的go.mod文件，协助你发现，Golang项目的依赖库是否存在漏洞

Python library for querying OSS Index

GitHub Action to analyze Pull Requests for open-source supply chain issues

ThunderaBSA is a Binary Static Analysis tool