An open API service indexing awesome lists of open source software.

Projects in Awesome Lists tagged with sca

A curated list of projects in awesome lists tagged with sca.

https://github.com/dependencytrack/dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

appsec bill-of-materials bom component-analysis cyclonedx devsecops hacktoberfest nvd ossindex owasp package-url purl sbom sca security security-automation software-composition-analysis software-security vulnerabilities vulnerability-detection

Last synced: 03 Apr 2026

https://github.com/aboutcode-org/scancode-toolkit

ScanCode detects licenses, copyrights and dependencies by "scanning code" to discover and inventory open source and third-party packages used in your code. Sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase, Google Summer of Code, Azure credits, nexB and other generous sponsors!

copyright copyright-scan cyclonedx dependencies dependency-graph license license-checking license-scan licensing open-source-licensing oss-compliance package-url packages provenance purl sbom sca software-composition-analysis spdx spdx-licenses

Last synced: 11 May 2025

https://github.com/murphysecurity/murphysec

An open source tool focused on software supply chain security. MurphySec focuses on software supply chain security and provides professional software composition analysis (SCA), vulnerability detection, and a professional vulnerability database.

codescan dependency sca scanner security software-composition-analysis software-supply-chain vulnerability-detection

Last synced: 14 May 2025

https://github.com/owasp-dep-scan/dep-scan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as input, and the tool is designed for CI integration.

compliance containers cve cyclonedx dependency-analysis dependency-audit devsecops reachability-analysis risk-audit sbom sca security-audit security-tools supply-chain-security vex vulnerability-scanners

Last synced: 08 May 2026

https://github.com/xmirrorsecurity/opensca-cli

OpenSCA is an open source software supply chain security solution that detects open source dependencies, vulnerabilities and license compliance issues, with accuracy widely recognized by the community.

cyclonedx devsecops license-compliance sbom sca security software-bill-of-materials software-composition-analysis software-supply-chain software-supply-chain-security spdx static-analysis swid vulnerabilities

Last synced: 14 May 2025

https://github.com/cdxgen/cdxgen

Creates CycloneDX Bills of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrates into your CI/CD pipeline with automatic submission to a Dependency-Track server.

bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain

Last synced: 23 May 2026

https://github.com/cyclonedx/cdxgen

Creates CycloneDX Bills of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrates into your CI/CD pipeline with automatic submission to a Dependency-Track server. GPT: https://chatgpt.com/g/g-673bfeb4037481919be8a2cd1bf868d2-cdxgen

bom cbom containers cyclonedx docker oci owasp package-url purl saasbom sbom sca software-bill-of-materials supply-chain

Last synced: 13 Apr 2025

https://github.com/mergebase/log4j-detector

A public open-source tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc.) on your file system within any application. It can even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

cve-2021-44228 cve-2021-45046 cve-2021-45105 cybersecurity detector log4j log4shell pentest sca scanner vulnerability-scanner

Last synced: 10 Jul 2025
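
The nested-archive walk that the mergebase/log4j-detector description refers to, as an added example in Python that is not the project's own (Java) code: a jar is a zip, and wars, ears and fat jars nest jars inside one another, so a scan that only looks at file names on disk misses most copies. The walk below recurses into every entry that is itself an archive, flags an archive when it contains the JndiLookup.class entry that ships in log4j-core, and reads the version from that jar's Maven pom.properties when present. Real detectors also fingerprint class bytes to tell patched builds apart, which this example does not do; the sample .ear, its entry names and the placeholder class bytes are constructed in memory, and mapping a found version to the individual CVEs is left out.

```python
"""Recursively locate log4j-core inside nested jar/war/ear/zip archives.

Added example; not code from mergebase/log4j-detector. Detection rule: an
archive that contains JndiLookup.class (shipped in log4j-core since 2.0-beta9)
is reported with the version from its Maven pom.properties, or None when that
file is absent, which is typical for shaded or relocated copies.
"""
import io
import os
import zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def scan_archive(data, chain, max_depth=8):
    """Return [(chain, version-or-None)] for every log4j-core found in `data` or any archive nested in it.

    `chain` is the location so far in jar-URL style ("app.ear!/app.war!/WEB-INF/lib/x.jar").
    """
    if max_depth < 0:
        return []                          # refuse to follow absurd nesting (zip-bomb style inputs)
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                          # a .jar/.zip-named entry that is not actually a zip
    hits = []
    with zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names:
            version = None
            if POM_PROPS in names:
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            hits.append((chain, version))
        for info in zf.infolist():
            if info.filename.lower().endswith(ARCHIVE_SUFFIXES):
                hits.extend(scan_archive(zf.read(info), chain + "!/" + info.filename, max_depth - 1))
    return hits


def scan_directory(root, max_depth=8):
    """Walk a filesystem tree and scan every archive in it (reads each file fully into memory)."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as f:
                    hits.extend(scan_archive(f.read(), path, max_depth))
    return hits


def make_zip(entries):
    """Build an in-memory zip from {entry name: bytes}; entry order is preserved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_ear():
    """Constructed test input: an .ear holding a .war holding log4j-core three levels deep,
    plus a top-level shaded jar that bundled JndiLookup.class without pom.properties."""
    fake_class = b"\xca\xfe\xba\xbe"       # class-file magic only; not real Log4j bytecode
    log4j_core = make_zip({
        JNDI_LOOKUP: fake_class,
        POM_PROPS: b"version=2.14.1\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n",
    })
    harmless = make_zip({"com/example/Util.class": fake_class})
    war = make_zip({"WEB-INF/lib/log4j-core-2.14.1.jar": log4j_core,
                    "WEB-INF/lib/util.jar": harmless})
    shaded = make_zip({JNDI_LOOKUP: fake_class, "com/example/App.class": fake_class})
    return make_zip({"app.war": war, "shaded-app.jar": shaded, "README.txt": b"constructed sample"})


if __name__ == "__main__":
    for chain, version in scan_archive(build_sample_ear(), "sample.ear"):
        print(f"log4j-core {version or 'unknown version'} at {chain}")
```

On a real host, `scan_directory("/opt")` applies the same walk to every archive under a path; the `max_depth` guard keeps a maliciously nested archive from exhausting the scanner.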

https://github.com/awslabs/automated-security-helper

ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.

aws awslabs iac sast sca scanner security

Last synced: 03 Apr 2026

https://github.com/alipay/ant-application-security-testing-benchmark

The xAST evaluation benchmark makes security tools no longer a "black box".

application benchmark dast evaluation iast sast sca security testing

Last synced: 15 May 2025

https://github.com/aboutcode-org/aboutcode

AboutCode project: tools and data to uncover things about code: the provenance, origin, license, and more (packages, security, quality, etc.) of FOSS code. Get started at https://aboutcode.readthedocs.io/

aboutcode dejacode license purl sbom sca scancode security

Last synced: 28 Jan 2026

https://github.com/stevespringett/nist-data-mirror

A simple Java command-line utility to mirror the CVE JSON data from NIST.

appsec cpe cve java nist nvd sca software-composition-analysis software-security

Last synced: 14 Jan 2026

https://github.com/aboutcode-org/scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!

cyclonedx docker foss-compliance license open-source package-url purl sca scancode software-composition-analysis spdx virtual-machine vulnerabilities

Last synced: 15 Jan 2026

https://github.com/prancer-io/cloud-validation-framework

The Prancer platform is an IaC security engine plus continuous compliance for your cloud (Azure, AWS, GCP) and Kubernetes environments.

cloud cloudsecurity governance iac sca security

Last synced: 09 Apr 2026

https://github.com/AppThreat/vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.1, purl, and vers.

advisories cli cve database nvd purl sca vers vulnerability-database vulnerability-detection

Last synced: 07 May 2025
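
Several entries on this list share one mechanism: cdxgen emits CycloneDX BOMs whose components carry a Package URL (purl), Dependency-Track consumes them, and AppThreat/vulnerability-db stores advisories keyed by purl with affected versions expressed as a `vers` range. The following is an added example, not code from any of those projects, that shows that join end to end on a constructed SBOM and constructed advisory records: a component is flagged when its purl type, namespace and name match an advisory and its version falls inside the advisory's range. The advisory IDs are placeholders, and the version ordering and vers parser are deliberately simplified, as the docstring states.

```python
"""Match CycloneDX SBOM components to advisories keyed by purl and vers.

Added example; not code from cdxgen, Dependency-Track or AppThreat/vulnerability-db.
Simplifications: version ordering is a dotted-numeric compare in which a prerelease
suffix sorts below the bare number (not full semver or PEP 440); the vers `*`
wildcard is honoured and `!=` is checked only for exact equality.
"""
import json
import re
from urllib.parse import unquote

# Constructed CycloneDX 1.5 SBOM with three components.
SBOM_JSON = """{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
  {"type": "library", "name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
  {"type": "library", "name": "log4j-core", "version": "2.14.1",
   "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
  {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"}
]}"""

# Constructed advisories: (placeholder id, affected purl without version, vers range).
ADVISORIES = [
    ("ADV-0001", "pkg:npm/lodash", "vers:npm/<4.17.21"),
    ("ADV-0002", "pkg:maven/org.apache.logging.log4j/log4j-core", "vers:maven/>=2.0.0|<2.15.0"),
    ("ADV-0003", "pkg:pypi/requests", "vers:pypi/<2.20.0"),
]


def version_key(version):
    """Dotted version -> comparable tuple; '1.2-rc1' sorts below '1.2', '4.17' equals '4.17.0'."""
    key = []
    for seg in version.split("."):
        m = re.match(r"(\d*)(.*)", seg)
        key.append((int(m.group(1) or 0), 1 if m.group(2) == "" else 0, m.group(2)))
    while len(key) < 4:
        key.append((0, 1, ""))
    return tuple(key)


def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath into its parts."""
    if not purl.startswith("pkg:"):
        raise ValueError("not a purl: " + purl)
    rest = purl[4:].lstrip("/").split("#", 1)[0].split("?", 1)[0]
    version = None
    if "@" in rest:                      # scoped npm names encode '@' as %40, so rsplit is safe
        rest, version = rest.rsplit("@", 1)
        version = unquote(version)
    parts = [unquote(p) for p in rest.split("/") if p]
    if len(parts) < 2:
        raise ValueError("purl needs a type and a name: " + purl)
    return {"type": parts[0].lower(), "namespace": "/".join(parts[1:-1]) or None,
            "name": parts[-1], "version": version}


def parse_vers(vers):
    """'vers:npm/>=1.0|<2.0' -> ('npm', [('>=', '1.0'), ('<', '2.0')])."""
    if not vers.startswith("vers:"):
        raise ValueError("not a vers range: " + vers)
    scheme, _, body = vers[5:].partition("/")
    constraints = []
    for raw in body.split("|"):
        m = re.match(r"\s*(>=|<=|!=|>|<|=)?(.+?)\s*$", raw)
        if m:
            constraints.append((m.group(1) or "=", m.group(2)))
    return scheme.lower(), constraints


def vers_contains(vers, version):
    """Interval semantics of vers: '<1.0|>=2.0|<3.0' means (-inf,1.0) U [2.0,3.0)."""
    scheme, constraints = parse_vers(vers)
    key = version_key(version)
    for comp, v in constraints:
        if v == "*":
            return True
        if comp == "=" and version_key(v) == key:
            return True
        if comp == "!=" and version_key(v) == key:
            return False
    lower = None                          # (key, inclusive) of a lower bound awaiting its upper bound
    ranged = sorted((c for c in constraints if c[0] in (">", ">=", "<", "<=")),
                    key=lambda c: version_key(c[1]))
    for comp, v in ranged:
        k = version_key(v)
        if comp in (">", ">="):
            lower = (k, comp == ">=")
        else:
            above = lower is None or key > lower[0] or (lower[1] and key == lower[0])
            if above and (key < k or (comp == "<=" and key == k)):
                return True
            lower = None
    return lower is not None and (key > lower[0] or (lower[1] and key == lower[0]))


def scan_sbom(sbom_json, advisories):
    """Return [(component purl, advisory id)] for each component inside an affected range."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue                      # without a purl there is no reliable identity to match on
        p = parse_purl(purl)
        if p["version"] is None:
            continue
        for adv_id, affected, vers in advisories:
            a = parse_purl(affected)
            same_pkg = (a["type"], a["namespace"], a["name"]) == (p["type"], p["namespace"], p["name"])
            if same_pkg and parse_vers(vers)[0] == p["type"] and vers_contains(vers, p["version"]):
                findings.append((purl, adv_id))
    return findings
```

Running `scan_sbom(SBOM_JSON, ADVISORIES)` flags lodash and log4j-core and leaves requests alone; the checks that make this robust in practice are the ones a name-only matcher skips: the purl type must equal the vers scheme, the namespace must match (org.apache.logging.log4j, not just log4j-core), and a disjoint range like `<1.0|>=2.0|<3.0` must be read as two intervals rather than as three conditions that all hold.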

https://github.com/momosecurity/mosec-maven-plugin

Checks whether the third-party dependencies of a Maven project have known security vulnerabilities.

dependency-management maven maven-plugin sca security-tools

Last synced: 09 Apr 2025

https://github.com/cycodehq/cycode-cli

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

code cycode sast sca secrets secure security

Last synced: 04 Feb 2026

https://github.com/J08nY/pyecsca

Python Elliptic Curve Side-Channel Analysis toolkit.

ecc elliptic-curve-cryptography sca side-channel side-channel-attacks

Last synced: 15 May 2025

https://github.com/stevespringett/vulndb-data-mirror

A simple Java command-line utility to mirror the entire contents of VulnDB.

appsec cve java sca software-composition-analysis software-security vulndb

Last synced: 21 Aug 2025

https://github.com/aboutcode-org/dejacode

Automate open source license compliance and ensure software supply chain integrity

cyclonedx foss-compliance license open-source package-url purl sca scancode spdx vulnerabilities

Last synced: 12 Mar 2026

https://github.com/filipi86/drogonsec

High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines.

application-security cicd-security cloud-security code-scanning dependency-scanning devsecops iac-security open-source-security sast sca secret-detection security-scanner shift-left-security static-analysis vulnerability-scanner

Last synced: 17 Apr 2026

https://github.com/vanhauser-thc/vulntest

Static code analysis test source code

sca static-code-analysis

Last synced: 14 Oct 2025

https://github.com/momosecurity/mosec-gradle-plugin

Checks whether the third-party dependencies of a Gradle project have known security vulnerabilities.

dependency-management sca security-tools

Last synced: 09 Apr 2025

https://github.com/debricked/cli

Debricked's command line interface. It brings open source security, compliance and health to your project via the command prompt.

cli debricked sca

Last synced: 17 Mar 2026

https://github.com/momosecurity/mosec-pip-plugin

Checks whether the third-party dependencies of a Python project have known security vulnerabilities.

dependency-management sca security-tools

Last synced: 09 Apr 2025

https://github.com/momosecurity/mosec-composer-plugin

Checks whether the third-party dependencies of a Composer project have known security vulnerabilities.

composer dependency-management php sca security-tools

Last synced: 23 Feb 2026

https://github.com/vulnetix/cli

Automate vulnerability triage which prioritizes remediation over discovery

cyclonedx oscal sarif sast sbom sca slsa software-transparency spdx vex vulnerability-management

Last synced: 17 May 2026

https://github.com/geminishkv/course_labs

Lab assignments for courses on AppSec, Risk Analysis and Security Champion: Toolchain, Orchestration, CI/CD, UML, etc.

appsec appsec-tutorials bash bmstu containersecurity course dast docker growth-team lerning-platform owasp-top-10 python sast sca secretdetection security security-team-testing toolchain tools training-materials

Last synced: 01 Apr 2026

https://github.com/momosecurity/mosec-node-plugin

Checks whether the third-party dependencies of a Node project have known security vulnerabilities.

dependency-management sca security-tools

Last synced: 15 Jun 2025

https://github.com/package-url/packageurl-dotnet

.NET parser for Package URLs (ECMA-427)

ecma-427 package-url purl sbom sca

Last synced: 16 Apr 2026

https://github.com/contrast-security-oss/contrast-sca-action

Contrast SCA GitHub Action

sca

Last synced: 09 Mar 2026

https://github.com/andersonshatch/sca-bash-completion

Bash completion script for Micro Focus Fortify Source Code Analyzer (SCA)

analyzer bash bash-completion fortify fortify-sca hpe-fortify-source micro-focus sca shell

Last synced: 16 Oct 2025

https://github.com/rohaquinlop/immunipy

A Python SCA tool that acts as a watchdog, keeping an eye out for security vulnerabilities and reporting them promptly, written in Rust.

cli python python-library sca security vulnerability-detection vulnerability-scanners

Last synced: 17 Oct 2025

https://github.com/saltedge/sca-authenticator-android

Salt Edge Authenticator - application that meets Strong Customer Authentication requirements (PSD2)

psd2 sca

Last synced: 26 Jan 2026

https://github.com/tonycknight/pkgchk-action

A GitHub Action to run .NET package dependency checks and display the results in a GitHub pull request.

ci dotnet nuget sca

Last synced: 02 Jan 2026

https://github.com/eclipse-apoapsis/guidance

The guidance for the Open Source Component Management process consists of a generic architecture description, usage blueprints, a concept of the abstraction layer and a collection of use cases. It enables you to quickly match your organization's needs with available solutions and jump-start your process definition by providing templates.

compliance ospo oss-compliance sbom sca software-composition-analysis spdx

Last synced: 26 Feb 2026

https://github.com/tonycknight/pkgchk-cli

A .NET tool for package dependency checks.

ci dotnet nuget sca

Last synced: 31 Jan 2026

https://github.com/richlamdev/dependabot-slack

GitHub Dependabot alert scraper with an option to send to a Slack channel. Software composition analysis, vulnerability management, patching, supply chain security.

api cve cvss cvss3 dependabot github patching python rest-api sca scaper supplychain vulnerability-management

Last synced: 11 Jun 2025

https://github.com/trustsource/ts-scan

One scanner integrating several capabilities across different environments

crypto license multi-package sbom sca trustsource yara

Last synced: 14 Apr 2025

https://github.com/zkarpinski/codeinsight-sdk-python

A Python client for Revenera/Flexera Code Insight.

api code-insight collaborate flexera rest revenera sca sdk student-vscode

Last synced: 24 Jan 2026

https://github.com/lesis-lat/bunkai

A dependency-aware Software Composition Analysis (SCA) tool for Perl.

perl sca

Last synced: 01 Apr 2026

https://github.com/unidoc/unisupply

Go supply chain security analysis – finds vulnerabilities, weak maintainers, typosquatting, and CI/CD risks. SBOM + enterprise PDF reports.

audit-report ci-cd-security cyclonedx dependency-analysis go go-modules golang maintainer-analysis risk-assessment sbom sca slsa software-composition-analysis spdx supply-chain-security typosquatting

Last synced: 11 Jun 2026

https://github.com/yashbarot/security-scanner

A fast, zero-config CLI tool that scans your project dependencies and Dockerfiles for known security vulnerabilities — across 8 ecosystems, powered by free public vulnerability databases, with AI-powered analysis and scheduled scanning.

cli-tool cve dependency-check devsecops npm-audit open-source-security osv pip-audit python sca security supply-chain-security vulnerability-scanner

Last synced: 07 Apr 2026

https://github.com/nunenuh/defense-kit

Defensive security toolkit — scan, harden, and monitor your OS, code, repos, and infrastructure. Claude Code skill.

claude-code defense docker gitleaks hardening lynis sast sca security semgrep trivy

Last synced: 04 Apr 2026

https://github.com/bradrn/exsca-cpp

DEPRECATED in favour of https://github.com/bradrn/brassica

conlang conlanging exsca exsca-cpp historical-conlanging sca sound-changer sound-changes

Last synced: 11 Aug 2025

https://github.com/jenkinsci/secone-security-scanner-plugin

The Sec1 Security plugin provides both SCA and SAST capabilities, enabling teams to scan SCM repositories for open-source vulnerabilities and analyze code to detect security issues early in development.

devsecops foss sast sca sec1 secone security security-scanner

Last synced: 18 May 2026

https://github.com/toniantunovi/lucidshark

Unified code quality pipeline for AI-assisted development

ai claude-code code-quality coverage devsecops duplication-detection linting mcp sast sca security-scanner

Last synced: 06 Apr 2026

https://github.com/jenkinsci/secone-sca-sast-security-scanner-plugin

The Sec1 Security plugin provides both SCA and SAST capabilities, enabling teams to scan SCM repositories for open-source vulnerabilities and analyze code to detect security issues early in development.

devsecops foss sast sca sec1 secone security security-scanner

Last synced: 14 Jul 2025

https://github.com/clausklein/ossie

OSSIE: An Open Source Software Defined Radio Platform for Education and Research (historic)

corba omniorb sca

Last synced: 06 Apr 2025

https://github.com/fluidattacks/benchmark-infrastructure

The infrastructure for the benchmark includes a set of Vulnerable by Design (VbD) Targets of Evaluation (ToEs) used to measure the speed and accuracy of automated Application Security Testing (AST) tools.

ast benchmark compare cspm dast mpt re sast sca scr

Last synced: 14 Mar 2025

https://github.com/endorlabs/endorlabs-buildkite-plugin

Buildkite plugin for Endor Labs — run endorctl in CI to ship secure code with SCA, SAST, secrets, containers, and policy gating.

buildkite buildkite-plugin endorlabs sast sca security

Last synced: 03 Jun 2026

https://github.com/daliborgogic/nuxt-stripe-sca

Strong Customer Authentication

sca stripe

Last synced: 30 Oct 2025

https://github.com/sorgom/dstw

Digital Interlocking (DSTW) implementation, C++ SIL4, CppUTest

coverage cplusplus cpp17 cpp20 cpputests dstw en61508 sca sil4

Last synced: 14 Mar 2025

https://github.com/snps-steve/devsecops

Steve's DevSecOps Tools

blackduck cybersecurity devsecops sca

Last synced: 07 Feb 2026

https://github.com/patchstack/connect

Patchstack connector for JavaScript applications. Scans your lockfile and reports installed packages to Patchstack for vulnerability monitoring.

cve dependency-scanning nodejs npm patchstack sca security typescript vulnerability

Last synced: 21 May 2026

https://github.com/haikalrfadhilahh/go-ci-devsecops

Docker image for implementing continuous integration security with SCA, SAST, and DAST for Go.

ci-cd dast devsecops docker gosec govulncheck owasp-zap-baseline sast sca

Last synced: 05 May 2026