Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud, PPE attacks, dependency confusion and 120+ malware indicators. Generates CycloneDX 1.6 SBOMs
AI Application Security — SBOM generation, static analysis, behavioral validation, and adversarial red-team testing for AI agents and LLM-powered applications.
SLSA v1.2 provenance mapping for PEAC provenance extension
in-toto v1.0 attestation mapping for PEAC provenance extension
DataNexus MCP — AI-Ready public data intelligence. 55 tools: CVE risk verdicts, SBOM licence policy, frontend security (manifest audit, CI scanner, typosquatting), licence compatibility, nonprofit 990 trends, SBOM monitoring, federal contracts, NPI lookup
Supply-chain security firewall for Node.js — resolves dependencies, scans via OSV.dev and NVD, and enforces configurable vulnerability policies before anything reaches node_modules.
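A minimal version of the pre-install gate the Node.js firewall above describes, as an added example that is not that project's code: parse `package-lock.json`, build the OSV.dev `querybatch` request body, and enforce a severity policy before anything is installed. The lockfile, advisory IDs and OSV responses below are constructed inline so the block runs offline; the real `POST https://api.osv.dev/v1/querybatch` returns only vulnerability ids, so a real gate would follow up with `GET /v1/vulns/{id}` to obtain the severity the policy keys on. The NVD side of the scan and the `block_at`/`allow_ids` policy names are assumptions of this example.

```python
"""Pre-install vulnerability gate over an npm lockfile (added example).

Not code from any project listed on this page. Lockfile and OSV records
are constructed here so everything runs offline; see mock_osv() for the
one function a real tool would replace with network calls.
"""
import json

# GHSA-style severity labels as they appear in OSV database_specific.severity
SEVERITY_RANK = {"LOW": 1, "MODERATE": 2, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed package-lock.json (lockfileVersion 3): one nested dependency
# and one workspace link, which has no registry version to look up.
LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/some-lib": {"version": "2.0.0"},
        "node_modules/some-lib/node_modules/other": {"version": "0.1.0"},
        "node_modules/linked-local": {"resolved": "../linked-local", "link": True},
    },
})

# Constructed OSV records keyed by (name, version). IDs are placeholders.
# The third record deliberately carries no severity (an unknown-severity case).
MOCK_OSV = {
    ("some-lib", "2.0.0"): [{"id": "GHSA-EXAMPLE-0001", "database_specific": {"severity": "HIGH"}}],
    ("other", "0.1.0"): [{"id": "GHSA-EXAMPLE-0002", "database_specific": {"severity": "LOW"}}],
    ("left-pad", "1.3.0"): [{"id": "GHSA-EXAMPLE-0003"}],
}


def parse_lockfile(lock_json):
    """Return [(name, version)] for every installed package in a v2/v3 lockfile.

    The name is whatever follows the last 'node_modules/' (so scoped and
    nested packages resolve correctly); the root entry and link: true
    workspace entries are skipped because they have no registry version.
    """
    data = json.loads(lock_json)
    deps = []
    for path, meta in data.get("packages", {}).items():
        if not path or meta.get("link") or "version" not in meta:
            continue
        name = path.rsplit("node_modules/", 1)[1]
        deps.append((name, meta["version"]))
    return deps


def build_querybatch(deps):
    """Body for POST https://api.osv.dev/v1/querybatch.

    OSV returns results in the same order as the queries, which is what
    lets evaluate() join results back to packages by position.
    """
    return {"queries": [{"package": {"name": n, "ecosystem": "npm"}, "version": v}
                        for n, v in deps]}


def mock_osv(batch):
    """Stand-in for the network call. Answers a querybatch body from MOCK_OSV,
    already merged with the per-vuln detail a real gate fetches separately."""
    return {"results": [{"vulns": MOCK_OSV.get((q["package"]["name"], q["version"]), [])}
                        for q in batch["queries"]]}


def evaluate(deps, response, block_at="HIGH", allow_ids=frozenset()):
    """Apply the policy: block at or above `block_at`, unless the id is allowlisted.

    Fails closed: a vulnerability with no recognisable severity blocks too,
    since 'we could not rate it' is not the same as 'it is low'.
    """
    threshold = SEVERITY_RANK[block_at.upper()]
    findings, allowed = [], True
    for (name, version), result in zip(deps, response["results"]):
        for vuln in result.get("vulns", []):
            sev = str(vuln.get("database_specific", {}).get("severity", "")).upper()
            rank = SEVERITY_RANK.get(sev, 0)  # 0 == unknown severity
            blocking = (rank == 0 or rank >= threshold) and vuln["id"] not in allow_ids
            allowed = allowed and not blocking
            findings.append({"package": name, "version": version, "id": vuln["id"],
                             "severity": sev or "UNKNOWN", "blocking": blocking})
    return {"allowed": allowed, "findings": findings}


def gate(lock_json, fetch=mock_osv, **policy):
    """Resolve -> query -> decide. Run this before `npm ci` and refuse to
    install when allowed is False."""
    deps = parse_lockfile(lock_json)
    return evaluate(deps, fetch(build_querybatch(deps)), **policy)


if __name__ == "__main__":
    print(json.dumps(gate(LOCKFILE), indent=2))
```

The join by position is the part worth getting right: `querybatch` gives no package name back in its results, so a gate that filters or reorders the dependency list after building the request will mis-attribute findings. The fail-closed rule on unknown severity is a deliberate choice; an allowlist entry is the explicit way to accept such a finding.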
Creates CycloneDX Software Bill of Materials (SBOM) from source or container image
SafeDep CLI: open source software supply chain security
SQLite database of critical packages from ecosyste.ms