Projects in Awesome Lists tagged with dependency-scanning
A curated list of projects in awesome lists tagged with dependency-scanning.
https://github.com/edoardottt/depsdev
CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.
blue-team cargo defensive-security dependency-management dependency-scanning dependency-security go go-module golang-module hacktoberfest maven npm nuget package-security pypi sbom sbom-generator security supply-chain supply-chain-management
Last synced: 14 Apr 2026
https://github.com/filipi86/drogonsec
High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines.
application-security cicd-security cloud-security code-scanning dependency-scanning devsecops iac-security open-source-security sast sca secret-detection security-scanner shift-left-security static-analysis vulnerability-scanner
Last synced: 17 Apr 2026
https://github.com/emirhandogandemir/software-supply-chain-security-java
This repo contains the technology stack and its usage for software supply chain security of a Java application
cosign dependency-scanning helm image-scanning jib-maven-plugin kyverno sbom sonarqube supply-chain-security trivy
Last synced: 24 Apr 2025
https://github.com/elementsinteractive/sheriff
Sheriff is a tool to scan repositories and generate security reports.
dependency-scanning security security-audit security-tools vulnerability-scanner
Last synced: 12 Jan 2026
https://github.com/tehcyx/lic
Static code analysis of software licenses
dependency-scanning golang lic open-source
Last synced: 28 Jan 2026
https://github.com/froggychips/mcp-skills-vault
Deterministic registry + supply-chain integrity scanner for MCP (Model Context Protocol) servers. One-line install via npx, hash-pinned 112-entry DB, 4 advisory feeds, offline-first audit. Make MCP boring.
agent-tools agentic-ai ai-agents anthropic claude claude-code claude-skill dependency-scanning llm-tools mcp mcp-client mcp-server mcp-servers mcp-tools model-context-protocol npm-security package-audit skills supply-chain-security
Last synced: 12 Jun 2026
https://github.com/levz0r/fossa-license-scanner
GitHub Action for FOSSA license scanning with detailed PR comments and policy violation reporting. Automates license compliance checks with intelligent violation analysis and actionable feedback.
ci-cd compliance composite-action dependency-scanning fossa license-compliance license-policy license-scanning
Last synced: 07 Feb 2026
https://github.com/timothywarner-org/globomantics-robot-fleet
🤖 Globomantics Robot Fleet Manager - Educational demo with vulnerable dependencies for GitHub Advanced Security training. Tim Warner's Pluralsight Dependency Review course. Learn more: https://pluralsight.com
dependabot dependency-review dependency-scanning educational-demo github-advanced-security npm-audit pluralsight security-training supply-chain-security vulnerable-dependencies
Last synced: 11 Feb 2026
https://github.com/patchstack/connect
Patchstack connector for JavaScript applications. Scans your lockfile and reports installed packages to Patchstack for vulnerability monitoring.
cve dependency-scanning nodejs npm patchstack sca security typescript vulnerability
Last synced: 21 May 2026
https://github.com/evanlucas/scan-deps-gitlab
Create GitLab compatible dependency scanning report from npm audit
audit dependency-scanning gitlab gitlab-ci npm
Last synced: 05 May 2026