A JavaScript/Node.js tool that leverages the Sonatype OSS Index to identify known vulnerabilities in your JavaScript & Node.js applications, helping developers secure their applications effectively.
A patch-level verification tool for Ruby Bundler that helps in scanning Gemfile.lock files for known security vulnerabilities, helping developers maintain secure dependencies.
Stands for Open Source Analysis; it is a tool that lets organizations manage the risk of using open-source components in software by identifying and mitigating potential security and license-compliance issues.
A lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis, helping to identify and manage vulnerabilities associated with component usage.
An open-source tool suite that identifies project dependencies and checks whether any have known, publicly disclosed vulnerabilities, helping to maintain a secure codebase by managing those vulnerabilities effectively.
A feature of the Dependency-Track system that allows exporting findings in the Finding Packaging Format (FPF), aiding in the seamless sharing and management of vulnerability information across different platforms.
A static code analyzer from Micro Focus that helps in identifying security vulnerabilities in the source code early in the development lifecycle, promoting secure coding practices and reducing the risk of security breaches.
A GitLab feature that scans project dependencies for known vulnerabilities, utilizing a database of known issues to help developers maintain secure and updated dependencies in their projects.
A tool that scans Go (Golang) projects for known vulnerabilities using the National Vulnerability Database, helping developers identify and patch security issues in their Go-based applications.
A scan conducted through JFrog Xray's API to gather summary information on artifacts, including potential security vulnerabilities, license compliance issues, and more, aiding in the secure handling of binary artifacts.
JFrog CLI provides scanning capabilities that help ensure the security and compliance of your source code and software artifacts, including containers.
A security scanning solution by JFrog that integrates with JFrog Artifactory, providing detailed information on security vulnerabilities and license compliance, helping to secure your software artifacts and containers.
An extended feature of JFrog Xray that scans various artifacts, including Docker images and software packages, in a unified manner to identify security vulnerabilities and compliance issues.
A software analytics and SAST tool that scans source code to identify vulnerabilities and compliance issues, aiding organizations in maintaining secure and compliant code bases.
A command-line utility from npm, Inc. that analyzes Node.js project dependencies to identify known vulnerabilities, helping developers maintain secure and up-to-date project dependencies.
A tool that imports software composition analysis (SCA) scans run with the DevAudit tool against the OSS Index vulnerability database, aiding in the identification and management of open-source vulnerabilities.
A security checker tool for PHP Symfony applications, which scans the project dependencies for known vulnerabilities, aiding developers in maintaining secure and compliant Symfony projects.
A tool that scans Python environments and analyzes installed packages against known vulnerability databases to identify security issues, helping Python developers to maintain secure code by managing vulnerable dependencies.
A scanner that identifies JavaScript files with known vulnerabilities in your web applications, using the vulnerability database from the Retire.js repository, assisting developers in maintaining secure JavaScript applications.
A security solution that scans applications to identify open-source risk, policy violations, and security vulnerabilities, helping organizations maintain secure applications by managing risks associated with open-source components.
A tool by Veracode that identifies vulnerabilities in open-source components used in applications, helping developers maintain secure open-source usage.
A solution that identifies vulnerabilities in open-source components used in applications, offering automated remediation and compliance reporting to maintain secure open-source usage.
A command in the Yarn package manager that identifies known vulnerabilities in project dependencies, helping to maintain secure Node.js applications by managing vulnerability risks in dependencies.
Black Duck® Binary Analysis gives you visibility into open-source and third-party dependencies that have been compiled into executables, libraries, containers, and firmware. You can analyze individual files through the user interface or with Black Duck multifactor open-source detection, which automates the scanning of binary artifacts.