Integrations

Scan your projects for open source vulnerabilities, and build security into your development toolchain with native tools and integrations. The following scan tools all utilize the OSS Index public REST API.

Authentication is now required for all tools using OSS Index. Sign in to access your token.

SCA Platforms

OWASP Dependency-Check is an SCA utility for scanning project dependencies. Set up with your token.
OWASP Dependency-Track is a component analysis platform. Set up with your token.
OSS Review Toolkit is a suite of tools to assist with reviewing dependencies. Setup guide coming soon.

Java / JVM

Maven plugin. Setup guide coming soon.
Gradle plugin. Setup guide coming soon.
Maven Enforcer rules. Setup guide coming soon.

JavaScript

AuditJS scans npm projects. Set up with your token.
VS Code plugin. Setup guide coming soon.

Go

Nancy scans Golang projects. Setup guide coming soon.

C/C++

Cheque scans C/C++ projects. Setup guide coming soon.

.NET

Audit.NET scans NuGet projects. Setup guide coming soon.
DevAudit is a cross-platform security auditing tool. Setup guide coming soon.

Python

ossaudit scans Python projects. Setup guide coming soon.
Jake scans Python and Conda projects. Setup guide coming soon.

PHP

Bach scans Composer projects. Setup guide coming soon.

Ruby

Chelsea scans RubyGem projects. Setup guide coming soon.

Rust

Cargo Pants scans Cargo projects. Setup guide coming soon.

R

oysteR scans R projects. Setup guide coming soon.

Other

Ahab scans apt- and yum-based operating systems. Setup guide coming soon.