retire
Retire is a tool for detecting use of vulnerable libraries
Found 14 results for software-composition-analysis
Retire is a tool for detecting use of vulnerable libraries
Fast, free, accurate npm dependency vulnerability scanner for local + CI/CD with an interactive HTML dashboard and SARIF/JUnit output, powered by OSV.dev
Scanning engine for lockhawk: lockfile parsing, OSV.dev vulnerability matching, CVSS v3/v4 scoring, and SARIF/JUnit/HTML reports
Scan ALL Maven, Gradle, npm, Yarn, Composer, Python, C#/.NET, Go & Ruby dependencies — plus embedded JARs (fat-jars/war/ear) — in a source tree ONE SHOT without mvn/python/etc — CVE (EPSS/KEV-prioritised), EOL, obsolete, outdated & licenses, with SBOM/CSA
Free AI-powered SAST + SCA + secret scanning CLI for npm/Node and any codebase — AST taint analysis across 16 languages, dependency CVEs, secrets with live key validation, IaC & malware detection, SARIF for CI/CD. The npm twin of the `sast` PyPI package.
Automated SBOM generation and vulnerability scanning for multiple repositories. Generates CycloneDX SBOMs, scans with Trivy, and notifies via Slack/email.
Feature-rich MCP server for Black Duck Polaris — trigger SAST/SCA/DAST scans, query findings, generate reports (SBOM, SPDX, CycloneDX), manage policies, triage issues, and more. Works with Claude Code, Claude Desktop, GitHub Copilot, Cursor, and any MCP-c
Software supply chain security MCP server — vulnerability scanning, package analysis, provenance verification, typosquatting detection, dependency intelligence across npm, PyPI, crates.io, Go, and more
Stop npm supply-chain attacks before they execute. Zero-dependency security scanner: malicious package detection, lockfile audit, dropper detection, integrity checks, OWASP A03/A05/A08/A10 coverage, CycloneDX SBOM & VEX reports, provenance verification, s
TypeScript client for the Black Duck REST API
Official CLI tool for the SentraSec Platform - Performs Software Composition Analysis (SCA) scans
Model Context Protocol (MCP) server for Black Duck SCA — vulnerability scanning, remediation, and PR automation for AI assistants
A Model Context Protocol (MCP) server for Blackduck and Server APIs, built with Node.js. Provides comprehensive tools for listing BOM, Operational risks and security issues
Global npm vulnerability and malware verifier with install-time blocking