Integrations

Integrate open source vulnerability information across your development toolchain with pre-built tools and applications.

Ahab

Ahab is a tool to check for vulnerabilities in your apt or yum powered operating systems

Audit.js

Audits an NPM project

Audit.NET

Audit.NET is a Visual Studio extension that highlights NuGet package dependencies with security vulnerabilities

The Central Repository

Serving Open Source Components Since 2002

Cheque

Cheque helps you by finding all libraries used by your C/C++ projects and retrieving known vulnerabilities.

Dependency Check

OWASP Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed, vulnerabilities.

Dependency Track

Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components.

Sonatype DepShield

Sonatype DepShield is a GitHub App used by developers to identify and remediate vulnerabilities in their open source dependencies.

DevAudit

Open-source, cross-platform, multi-purpose security auditing tool

Goalie

Find package vulnerabilities in Golang binaries

Gradle

Dependency audit plugin for Gradle

Jake

An OSS Index integration to check your Conda environments for vulnerable Open Source packages

Maven

Dependency audit plugin for Maven

Maven Enforcer

Use Maven-Enforcer plugin to ban vulnerable dependencies from inclusion project builds.

Nancy

A tool to check for vulnerabilities in your Golang dependencies

ossaudit

Audit Python packages for known vulnerabilities

VSCode

Scan your libraries against either the free OSS Index vulnerability database or the Sonatype Nexus IQ Server.