Integrations

Scan your projects for open source vulnerabilities, and build security into your development toolchain with native tools and integrations. The following scan tools all utilize the OSS Index public REST API.

Java / JVM

JavaScript

AuditJS scans npm projects
VS Code plugin

Go

Nancy scans Golang projects

C/C++

Cheque scans C/C++ projects

.NET

Audit.NET scans NuGet projects
DevAudit is a cross-platform security auditing tool

Python

ossaudit scans Python projects
Jake scans Python and Conda projects

PHP

Bach scans Composer projects

Ruby

Chelsea scans RubyGem projects

Rust

Cargo Pants scans Cargo projects

R

oysteR scans R projects

Other

Ahab scans apt and yum operating systems
OWASP Dependency-Check is an SCA utility for scanning project dependencies
OWASP Dependency-Track is a component analysis platform
OSS Review Toolkit is a suite of tools to assist with reviewing dependencies