OpenSCA is a dependency scanner that runs in your browser. It analyzes your project's dependency manifest files (like package-lock.json or requirements.txt) and checks them against the OSV.dev database to identify known security vulnerabilities. Your manifest files are parsed locally in your browser and has multi-ecosystem support. Provides "Health Score" and "Risk Grade" (A-F) system to gauge project security. Detailed Reporting: View severity (CVSS), affected versions, fix versions, and direct links to GitHub Advisories (GHSA). Download full reports in JSON or CSV formats. How to Use 1. Open Tool URL in any web browser (Chrome, Firefox, Edge, Safari). 2. Select Ecosystem: Choose the platform your project uses (e.g., npm for a Node.js project). 3. Upload Manifest: Select your dependency file (e.g., package-lock.json). 4. Scan: Click the "Scan" button. 5. Analyze: Review the Health Score, Risk Grade, and individual vulnerability cards. Click any card for full details including fix versions.