JSPM

Found 8 results for software-composition-analysis

retire

Retire is a tool for detecting use of vulnerable libraries

  • v5.4.2
  • 93.55
  • Published

sbom-sentinel

Automated SBOM generation and vulnerability scanning for multiple repositories. Generates CycloneDX SBOMs, scans with Trivy, and notifies via Slack/email.

  • v0.8.1
  • 49.17
  • Published

@rsabde/blackduck-mcp

A Model Context Protocol (MCP) server for Blackduck and Server APIs, built with Node.js. Provides comprehensive tools for listing BOM, Operational risks and security issues

  • v1.0.5
  • 41.38
  • Published

blackduck-mcp-server

Model Context Protocol (MCP) server for Black Duck SCA — vulnerability scanning, remediation, and PR automation for AI assistants

  • v1.0.1
  • 38.49
  • Published

@sathyendra/security-checker

Stop npm supply-chain attacks before they execute. Zero-dependency security scanner: malicious package detection, lockfile audit, dropper detection, integrity checks, OWASP A03/A05/A08/A10 coverage, CycloneDX SBOM & VEX reports, provenance verification, s

  • v1.26.0
  • 32.80
  • Published

blackduck-polaris-mcp-server

Feature-rich MCP server for Black Duck Polaris — trigger SAST/SCA/DAST scans, query findings, generate reports (SBOM, SPDX, CycloneDX), manage policies, triage issues, and more. Works with Claude Code, Claude Desktop, GitHub Copilot, Cursor, and any MCP-c

  • v0.3.1
  • 26.92
  • Published

@sentrasec/scanner

Official CLI tool for the SentraSec Platform - Performs Software Composition Analysis (SCA) scans

  • v1.2.1-alpha
  • 16.69
  • Published