🛡️ Blazing fast Supply Chain Security tool written in Rust. Features ephemeral sandboxing, hybrid analysis (CVE + Heuristics), and entropy-based malware detection.

Real-time npm/PyPI supply-chain threat detection. Production sensor with gVisor sandbox, behavioral analysis, and 200+ heuristic rules.

GuOx: Ultimate enterprise‑grade, AI & WASM‑powered Express security framework.

Open-source local dependency and vulnerability scanner for Java (Maven/Gradle) and JavaScript (npm) projects.

Paste your manifest. Get back the fixed files. Free browser-based dependency security fixer — npm, PyPI, Ruby, PHP. No login. No CLI.

AI-powered open source license compliance scanner. Analyzes how dependencies are actually used — not just what license they have — to determine if obligations trigger for your distribution model. Multi-agent AI pipeline, MCP server for Claude Code integration, and structured output for AI assistants. Zero API keys needed for local use.

Cross-ecosystem dependency security scanner. Detects the axios RAT supply chain attack and similar threats. 4-layer detection: AST analysis, behavioral fingerprinting, dep graph profiling, registry metadata. Scans npm/PyPI/Cargo/Brew. Zero dependencies.

Multi-ecosystem SBOM scanner with interactive HTML report, dependency tree, and CVE scanning. Supports npm, PyPI, Dart, Maven/Gradle, Rust/Cargo.

Offline supply chain security scanner. Detects malicious packages, typosquatting, compromised dependencies, and unsafe CI configurations across npm, pip, Cargo, NuGet, and Maven. Zero dependencies. AI/MCP-ready.

ForgeScan is a high-performance supply-chain security scanner built with Rust and TypeScript. It detects npm typo-squatting attacks and obfuscated malware using Shannon entropy analysis and Levenshtein distance heuristics. Designed for speed, clarity, and explainable security research.

Multi-validator dependency security with Byzantine consensus

Catch supply chain attacks before npm install finishes

Git Seer is a powerful CLI tool that provides instant insights into any public GitHub repository.

Predictive dependency security engine. Trust Scores for npm/Python packages. Detects zombies, typosquats, and supply chain risks before they become CVEs.

Open Source Dependency License Auditor — Multi-agent GenAI system for automated license compliance analysis

Skill to detect Vulnerability in your project

Scan dependency manifests (package.json, requirements.txt, go.mod) for open-source license compliance. Identifies licenses via package registries and SPDX, evaluates against configurable company policies, and generates compliance reports.

Dependency scanner and updater

Scan all GitHub repos in an org or personal account to find packages below a specific version. Supports Composer & Node dependencies.

Scala/SBT dependency risk scanner — vulnerability detection, license compliance, SBOM generation, unused dep analysis, policy-as-code, and more