dependency-scanner

Here are 16 public repositories matching this topic...

Swek09 / DepSentry

🛡️ Blazing fast Supply Chain Security tool written in Rust. Features ephemeral sandboxing, hybrid analysis (CVE + Heuristics), and entropy-based malware detection.

Updated Jan 28, 2026
Rust

DNSZLSK / muad-dib

Star

Supply-chain threat detection for npm and PyPI. Detects Shai-Hulud, typosquatting, credential theft, obfuscation, reverse shells, GitHub Actions injection.

python npm security scanner pypi malware supply-chain ast typosquatting sarif mitre-attack supply-chain-security dependency-scanner shai-hulud shai-hulud2

Updated Mar 19, 2026
JavaScript

nuekkis / GuOx-Express

Sponsor

Star

GuOx: Ultimate enterprise‑grade, AI & WASM‑powered Express security framework.

Updated Oct 17, 2025
TypeScript

PardixLabs / feraldeps-core

Star

Open-source local dependency and vulnerability scanner for Maven and Gradle Java projects.

java open-source security dependency-manager gradle maven developer-tools cvss security-tools vulnerability-scanning vulnerability-scanner dependency-scanning dependency-scanner

Updated Mar 10, 2026
Java

metriclogic26 / packagefix

Star

Paste your manifest. Get back the fixed files. Free browser-based dependency security fixer — npm, PyPI, Ruby, PHP. No login. No CLI.

ruby open-source php npm security pypi vulnerability osv dependency-scanner cisa-kev

Updated Mar 19, 2026
HTML

LMLK-seal / Git-Seer

Star

Git Seer is a powerful CLI tool that provides instant insights into any public GitHub repository.

Updated Jun 30, 2025
Python

ertugrulakben / dep-oracle

Star

Predictive dependency security engine. Trust Scores for npm/Python packages. Detects zombies, typosquats, and supply chain risks before they become CVEs.

cli open-source security-audit cve python-security supply-chain-security dependency-scanner trust-score npm-security typosquat-detection

Updated Mar 13, 2026
TypeScript

ForgeScan is a high-performance supply-chain security scanner built with Rust and TypeScript. It detects npm typo-squatting attacks and obfuscated malware using Shannon entropy analysis and Levenshtein distance heuristics. Designed for speed, clarity, and explainable security research.

rust typescript ci-cd levenshtein-distance security-scanner devsecops cli-tool shannon-entropy json-output obfuscation-detection supply-chain-security dependency-scanner heuristic-analysis npm-security typosquatting-detection

Updated Jan 23, 2026
Rust

AlaBouali / ubel

Star

Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation to prevent supply-chain attacks. It works with: PyPI (via ubel-pip), npm (via ubel-npm),and Linux distributions (Ubuntu-based, Debian-based, RHEL, AlmaLinux).

python npm debian ubuntu redhat supply-chain kali-linux dependency-security supply-chain-security dependency-scanner almalinux supply-chain-attacks sca-scan

Updated Mar 12, 2026
Python

cawa102 / cveSentinel

Star

Skill to detect Vulnerability in your project

python cli security cve nvd osv devsecops vulnerability-scanner dependency-scanner claude-code

Updated Feb 23, 2026
Python

noamrazbuilds / license-compliance-scanner

Star

Scan dependency manifests (package.json, requirements.txt, go.mod) for open-source license compliance. Identifies licenses via package registries and SPDX, evaluates against configurable company policies, and generates compliance reports.

python open-source compliance spdx license-compliance fastapi legal-tech streamlit license-checker dependency-scanner