Labrador Labs Labrador CLI is a command-line tool designed to analyze suppliers' source code for vulnerabilities and license issues while preserving code privacy through encryption. How it works: - The Labrador Scanner is distributed to software suppliers, who use it to scan their own source code locally. - The supplier's source code files are encrypted before any output leaves their environment. - The encrypted scan output is transmitted and deciphered through the Labrador Interface on the customer's side. - The Labrador Engine analyzes the encrypted source code for security vulnerabilities and license compliance issues. - A compiled report is generated containing an SBOM (Software Bill of Materials), license violations, and identified vulnerabilities. Key capabilities: - Encrypted source code analysis, ensuring suppliers' proprietary code is never exposed in plaintext to the customer. - SBOM generation for third-party and supplier software components. - License compliance checking to identify license violations in supplier code. - Vulnerability detection within supplier-provided software. - Flexible analysis setup to accommodate different supplier environments. Supported languages include C, C++, Java, Python, JavaScript, Ruby, Go, PHP, C#, Swift/Objective-C, Kotlin, and Android. Supported package managers include npm, Maven, Gradle, Yarn, CocoaPods, RubyGems, Composer, Go Modules, NuGet, PyPI, pip, and Paket. CI/CD integrations include Jenkins, Azure Pipelines, GitLab, Bamboo, Bitbucket, TeamCity, CircleCI, and GitHub.