#Sca

Showing 12 of 12 repositories tagged #sca, ranked by stars

DependencyTrack
DependencyTrack
dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Score
100
★ 4.0k ⑂ 775 +6/day
Java
murphysecurity
murphysecurity
murphysec

An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。

Score
86
★ 1.7k ⑂ 179 +1/day
Go
XmirrorSecurity
XmirrorSecurity
OpenSCA-cli

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.

Score
71
★ 1.1k ⑂ 134
Go
cdxgen
cdxgen
cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server

Score
100
★ 1.0k ⑂ 254 +5/day
JavaScript
awslabs
awslabs
automated-security-helper

ASH is an extensible, open source SAST, SCA, and IaC security scanner orchestration engine.

Score
57
★ 663 ⑂ 86 +2/day
Python
mergebase
mergebase
log4j-detector

A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too! TAG_OS_TOOL, OWNER_KELLY, DC_PUBLIC

Score
0
★ 640 ⑂ 96
Java
alipay
alipay
ant-application-security-testing-benchmark

xAST评价体系,让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

Score
43
★ 483 ⑂ 62 +1/day
Java
AppThreat
AppThreat
vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers.

Score
0
★ 145 ⑂ 23
Python
clj-holmes
clj-holmes
clj-watson

A Clojure tool that checks for vulnerable dependencies

Score
14
★ 102 ⑂ 11
Clojure
cycodehq
cycodehq
cycode-cli

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

Score
29
★ 98 ⑂ 64
Python
darkarnium
darkarnium
Log4j-CVE-Detect

Detections for CVE-2021-44228 inside of nested binaries

Score
0
★ 35 ⑂ 7
YARA
Swek09
Swek09
DepSentry

🛡️ Blazing fast Supply Chain Security tool written in Rust. Features ephemeral sandboxing, hybrid analysis (CVE + Heuristics), and entropy-based malware detection.

Score
0
★ 23 ⑂ 1
Rust
Related Topics
#security#sast#cyclonedx#devsecops#purl#sbom#software-composition-analysis#vulnerability-detection#scanner#bom#nvd#owasp

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly