Dependency Scanning

Browse 71 dependency scanning tools

FEATURED

Heeler Application Security Auto-Remediation

Application Security

Hudson Rock Cybercrime Intelligence Tools

Threat Management

Wiz Cloud

Cloud Security

Mandos Fractional CISO

Services

Get Featured

Feature your product and reach thousands of professionals.

Contrast Software Composition Analysis (SCA)

SCA tool detecting vulnerabilities in third-party libraries at runtime & build

Application Security•Software Composition Analysis

Contrast Software Composition Analysis (SCA)

SCA tool detecting vulnerabilities in third-party libraries at runtime & build

Software Composition Analysis

CloudDefense.AI QINA (App Security)

DevSecOps platform for app security with SAST, DAST, SCA, and API testing

Application Security•Static Application Security Testing

CloudDefense.AI QINA (App Security)

DevSecOps platform for app security with SAST, DAST, SCA, and API testing

Static Application Security Testing

FossID Software Composition Analysis

SCA tool for code scanning, license identification, and SBOM generation

Application Security•Software Composition Analysis

FossID Software Composition Analysis

SCA tool for code scanning, license identification, and SBOM generation

Software Composition Analysis

MergeBase Software Composition Analysis

SCA platform for managing open source vulnerabilities across SDLC

Application Security•Software Composition Analysis

MergeBase Software Composition Analysis

SCA platform for managing open source vulnerabilities across SDLC

Software Composition Analysis

Datadog Software Composition Analysis

SCA tool for identifying vulnerabilities in open-source dependencies

Application Security•Software Composition Analysis

Datadog Software Composition Analysis

SCA tool for identifying vulnerabilities in open-source dependencies

Software Composition Analysis

Sonatype Lifecycle

Automated SCA tool for open source dependency management and vulnerability remediation

Application Security•Software Composition Analysis

Sonatype Lifecycle

Automated SCA tool for open source dependency management and vulnerability remediation

Software Composition Analysis

SCANOSS Security Dataset

Vulnerability detection dataset for declared & undeclared dependencies in code

Application Security•Software Composition Analysis

SCANOSS Security Dataset

Vulnerability detection dataset for declared & undeclared dependencies in code

Software Composition Analysis

Cycode Enterprise Software Composition Analysis

Enterprise SCA tool for scanning & remediating vulnerable open source dependencies

Application Security•Software Composition Analysis

Cycode Enterprise Software Composition Analysis

Enterprise SCA tool for scanning & remediating vulnerable open source dependencies

Software Composition Analysis

OpenSCA Project

OpenSCA Project is a dependency security scanner that runs in the browser.

Application Security•Software Composition Analysis

OpenSCA Project

OpenSCA Project is a dependency security scanner that runs in the browser.

Software Composition Analysis

Xygeni SCA

SCA tool for vulnerability detection, malicious code identification & remediation

Application Security•Software Composition Analysis

Xygeni SCA

SCA tool for vulnerability detection, malicious code identification & remediation

Software Composition Analysis

Ossprey

Ossprey is a software supply chain security platform that uses AI-powered scanning to detect malicious open source code and prevent supply chain attacks through automated policy enforcement and dependency analysis.

Application Security•Software Composition Analysis

-1

Ossprey

Software Composition Analysis

-1

Mend Mend AI Native AppSec Platform

AI-native AppSec platform with SAST, SCA, container & dependency mgmt.

Application Security•Software Composition Analysis

Mend Mend AI Native AppSec Platform

AI-native AppSec platform with SAST, SCA, container & dependency mgmt.

Software Composition Analysis

SonarSource SonarQube

Code quality and security platform with SAST, SCA, and AI-powered remediation

Application Security•Static Application Security Testing

SonarSource SonarQube

Code quality and security platform with SAST, SCA, and AI-powered remediation

Static Application Security Testing

Codacy Security and Code Quality

Code security and quality platform with SAST, SCA, DAST, and AI code protection

Application Security•Static Application Security Testing

Codacy Security and Code Quality

Code security and quality platform with SAST, SCA, DAST, and AI code protection

Static Application Security Testing

AuditJS

AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.

Application Security•Software Composition Analysis

AuditJS

AuditJS is a command-line tool that scans JavaScript projects for known vulnerabilities and outdated packages in npm dependencies using the OSS Index API or Nexus IQ Server.

Software Composition Analysis

Betterscan

Betterscan is an orchestration toolchain that coordinates multiple security tools to scan source code and infrastructure as code for security vulnerabilities, compliance risks, secrets, and misconfigurations.

Application Security•Static Application Security Testing

Betterscan

Static Application Security Testing

snync

A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.

Application Security•Software Composition Analysis

snync

A security tool that detects potential Dependency Confusion attack vectors by identifying private package names that are not reserved on public registries.

Software Composition Analysis

Dependency Combobulator

An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.

Application Security•Software Composition Analysis

Dependency Combobulator

An open-source framework that detects and prevents dependency confusion attacks across multiple package management systems and development environments.

Software Composition Analysis

sdc-check

A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

Application Security•Software Composition Analysis

sdc-check

A dependency security analysis tool that identifies potential risks in project dependencies including unsafe lock files, installation scripts, obfuscated code, and dangerous shell commands.

Software Composition Analysis

Nexus Repository Manager Dependency/Namespace Confusion Checker

A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.

Application Security•Software Composition Analysis

Nexus Repository Manager Dependency/Namespace Confusion Checker

A Python script that scans Nexus Repository Manager for artifacts with identical names across repositories to identify dependency confusion attack vulnerabilities.

Software Composition Analysis

GuardDog

GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

Application Security•Software Composition Analysis

GuardDog

GuardDog is a CLI tool that identifies malicious PyPI and npm packages using heuristics-based analysis of source code and metadata.

Software Composition Analysis

Hakiri Toolbelt

A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.

Application Security•Software Composition Analysis

Hakiri Toolbelt

A command line tool that automates vulnerability scanning of Ruby gems and Rails stack components by identifying CVE vulnerabilities in detected technology versions.

Software Composition Analysis

LunaTrace

LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.

Application Security•Software Composition Analysis

LunaTrace

LunaTrace is an open source supply chain security tool that monitors software dependencies for vulnerabilities and integrates with GitHub to notify developers of security issues before deployment.

Software Composition Analysis