JSPM

Found 14 results for software-composition-analysis

retire

Retire is a tool for detecting use of vulnerable libraries

  • v5.4.3
  • 98.45
  • Published

lockhawk

Fast, free, accurate npm dependency vulnerability scanner for local + CI/CD with an interactive HTML dashboard and SARIF/JUnit output, powered by OSV.dev

  • v0.2.11
  • 47.82
  • Published

@lockhawk/core

Scanning engine for lockhawk: lockfile parsing, OSV.dev vulnerability matching, CVSS v3/v4 scoring, and SARIF/JUnit/HTML reports

  • v0.2.11
  • 46.90
  • Published

fad-checker

Scan ALL Maven, Gradle, npm, Yarn, Composer, Python, C#/.NET, Go & Ruby dependencies — plus embedded JARs (fat-jars/war/ear) — in a source tree ONE SHOT without mvn/python/etc — CVE (EPSS/KEV-prioritised), EOL, obsolete, outdated & licenses, with SBOM/CSA

  • v2.4.3
  • 46.64
  • Published

sastai

Free AI-powered SAST + SCA + secret scanning CLI for npm/Node and any codebase — AST taint analysis across 16 languages, dependency CVEs, secrets with live key validation, IaC & malware detection, SARIF for CI/CD. The npm twin of the `sast` PyPI package.

  • v1.0.3
  • 45.98
  • Published

sbom-sentinel

Automated SBOM generation and vulnerability scanning for multiple repositories. Generates CycloneDX SBOMs, scans with Trivy, and notifies via Slack/email.

  • v0.8.2
  • 40.37
  • Published

blackduck-polaris-mcp-server

Feature-rich MCP server for Black Duck Polaris — trigger SAST/SCA/DAST scans, query findings, generate reports (SBOM, SPDX, CycloneDX), manage policies, triage issues, and more. Works with Claude Code, Claude Desktop, GitHub Copilot, Cursor, and any MCP-c

    • v0.3.1
    • 35.81
    • Published

    supply-chain-mcp-server

    Software supply chain security MCP server — vulnerability scanning, package analysis, provenance verification, typosquatting detection, dependency intelligence across npm, PyPI, crates.io, Go, and more

    • v0.1.0
    • 35.75
    • Published

    @sathyendra/security-checker

    Stop npm supply-chain attacks before they execute. Zero-dependency security scanner: malicious package detection, lockfile audit, dropper detection, integrity checks, OWASP A03/A05/A08/A10 coverage, CycloneDX SBOM & VEX reports, provenance verification, s

    • v1.26.0
    • 29.20
    • Published

    @sentrasec/scanner

    Official CLI tool for the SentraSec Platform - Performs Software Composition Analysis (SCA) scans

      • v1.2.1-alpha
      • 26.97
      • Published

      blackduck-mcp-server

      Model Context Protocol (MCP) server for Black Duck SCA — vulnerability scanning, remediation, and PR automation for AI assistants

      • v1.0.1
      • 25.13
      • Published

      @rsabde/blackduck-mcp

      A Model Context Protocol (MCP) server for Blackduck and Server APIs, built with Node.js. Provides comprehensive tools for listing BOM, Operational risks and security issues

      • v1.0.5
      • 25.03
      • Published

      npm-verify-guard

      Global npm vulnerability and malware verifier with install-time blocking

      • v1.0.1
      • 24.93
      • Published