Active Projects

These are our current active Open Source Projects.

AuditJS

javascript nodejs
Scan JavaScript (including Node.js) projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index
Sonatype Lifecycle

Bach

php composer
Scan PHP and Composer projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index

Chelsea

rubygems
Scan RubyGems-powered projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index
Sonatype Lifecycle

Cheque

c
Scan C projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index

Jake

python conda pip
Scan Python and Conda environments for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index
Sonatype Lifecycle

Nancy

golang
Scan Golang projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index
Sonatype Lifecycle

OysterR

r cran
Scan R code for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index

Pants

rust cargo
A Cargo subcommand that provides a project bill of materials and identifies vulnerabilities.
Works with:
Sonatype OSS Index

Sherlock Trunks

java gradle
A Gradle plugin that scans the dependencies of a Gradle project for vulnerabilities.
Works with:
Sonatype OSS Index
Sonatype Lifecycle

Sonatype Lifecycle GitHub Action

GRADUATED ci github
GitHub Action for invoking Sonatype Lifecycle scans.
Worked with:
Sonatype Lifecycle

The CLA Bot

cla
Also known as Paul Botsco - this is our CLA Bot.
Works with: