29 results for “topic:dependency-scanning”
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
Agentic AI for DevSecOps: Transforming Security with GitHub Advanced Security and GitHub Copilot. GitHub Advanced Security - DevSecOps Guidelines - Unified visibility into DevOps security posture. DevSecOps E2E Demos.
Github Action for security scanning utilizing Salus by Coinbase
This repo contains the technology stack and its usage for software supply chain security of a Java application
How to secure your development pipeline with static application security test (SAST) / Dynamic application security test (DAST), software composition analysis (SCA) using Sonarqube.
Sheriff is a tool to scan repositories and generate security reports.
🛡 Scan GitHub repositories for dependency vulnerabilities using OSV database. Supports npm, PyPI, RubyGems, Go, and PHP.
Static code analysis of software licenses
Open-source local dependency and vulnerability scanner for Maven and Gradle Java projects.
CLI Vulnify - Scans your projects looking for vulnerabilities.
CSI Red Alert - Scan your Repository and Docker Images on a daily basis. Create & Close the issues in your Gitlab Instance automatically. Notify on Slack with a summary on all new vulnerabilities.
🏥🛡️ Automated NuGet vulnerability scanner & updater for .NET. Smart dependency patching with compatibility testing. Keep your packages safe & current. 🔒
AI-powered codebase audit tool that scans for dependency vulnerabilities, deprecated API usage & generates comprehensive security reports. Uses MCP connectors for intelligent analysis with automated audit workflows.
SecureFlow-CI-CD demonstrates a CI/CD pipeline using GitHub Actions to perform security checks and analyses on a Python project.
FastHTML app to audit GitHub users/orgs for vulnerable dependencies using OSV data.
A clean, local-first CLI for 100% passive security auditing of JS/TS repos and URLs—secrets, dependency vulns, SAST, TLS/headers/cookies/CORS—built for streamable scan → merge → report workflows.
Automated security auditing CLI for AI agent code — quarantine-first workflow for repos, packages, and agent tooling
Detect slopsquatting attacks — AI-hallucinated packages in your dependencies. Rust CLI + GitHub Action.
VulnScanner is a local-first, open-source vulnerability intelligence toolkit that syncs NVD, KEV, and EPSS data, scans npm and Python lockfiles, and enforces CI policy gates with offline cache mode, baseline diffing, and JSON/CSV/Markdown/SARIF reports.
Scan for vulnerabilities and trace their usage in your source code
Create GitLab compatible dependency scanning report from npm audit
SentinelGuard is a full-featured vulnerability scanner for Python projects. It analyzes source code, dependencies, and secrets in a unified desktop interface.
A reusable GitLab CI/CD template for automated security scanning, including secrets detection (Gitleaks, Trufflehog), dependency vulnerabilities (Trivy), SAST (Semgrep, SonarQube), DAST (OWASP ZAP), and a consolidated security dashboard. Include this in your gitlab-ci.yml for DevSecOps.
🤖 Globomantics Robot Fleet Manager - Educational demo with vulnerable dependencies for GitHub Advanced Security training. Tim Warner's Pluralsight Dependency Review course. Learn more: https://pluralsight.com
One POST, instant CVE impact for your SBOM. Give us a lightweight component list (npm / PyPI today), and get back the exact vulnerabilities and the minimal fixed versions you need to patch. Built for CI pipelines, PR checks, and SRE/AppSec dashboards.
GitHub Action for FOSSA license scanning with detailed PR comments and policy violation reporting. Automates license compliance checks with intelligent violation analysis and actionable feedback.
🔍 Scan .NET applications for vulnerabilities in NuGet dependencies, ensuring secure and reliable software with this professional-grade security tool.
A fast, automated security auditing dashboard that aggregates daily scans from all your projects. PhantomScanner collects results from Semgrep, Bandit, Trivy, and Gitleaks, normalizes them into a unified schema, stores them in a SQLite/Postgres backend, and visualizes them through a simple, responsive dashboard. Designed to scan many repos for free