Flagship Projects

These are our Flagship Open Source projects.

AuditJS

javascript nodejs
Scan JavaScript (including Node.js) projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index, Sonatype Lifecycle

Bach

php composer
Scan PHP and Composer projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index

Cargo Pants

rust cargo
A Cargo subcommand that provides a project bill of materials and identifies vulnerabilities.
Works with:
Sonatype OSS Index, Sonatype Lifecycle

Chelsea

rubygems
Scan RubyGems powered projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index, Sonatype Lifecycle

Cheque

c
Scan C projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index

Jake

python conda pip
Scan Python and Conda environments for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index, Sonatype Lifecycle

Nancy

golang
Scan Golang projects for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index, Sonatype Lifecycle

OysterR

r cran
Scan R code for vulnerable third-party dependencies.
Works with:
Sonatype OSS Index

Sherlock Trunks

java gradle
A Gradle plugin that scans the dependencies of a Gradle project for vulnerabilities.
Works with:
Sonatype OSS Index, Sonatype Lifecycle