Vulnerability scanner written in Go that uses osv.dev data

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • osv-scanner

    Vulnerability scanner written in Go which uses the data provided by https://osv.dev

  • Building a high quality C/C++ vulnerability database.

    You can follow the two linked issues here: https://github.com/google/osv-scanner/issues/82 for updates!

  • packj

    Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

  • Great to see a developer-friendly tool around OSV! Packj [1] uses OSV APIs to report vulnerable PyPI/NPM/Rubygems packages. Disclaimer: I built it.

    1. https://github.com/ossillate-inc/packj flags malicious/risky packages.

  • apko

    Build OCI images from APK packages directly without Dockerfile

  • Depends exactly what you're trying to create it for. I advocate for doing it during the build process rather than as a step after.

    We open sourced a few tools that do it automatically for containers:

    https://github.com/chainguard-dev/apko

    https://github.com/chainguard-dev/melange

  • melange

    Build APKs from source code (by chainguard-dev)

  • trivy

    Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

  • I like trivy[1] a lot. Nice to see more alternatives like this.

    1. https://github.com/aquasecurity/trivy

  • maloss

    Towards Measuring Supply Chain Attacks on Package Managers for Interpreted Languages

  • We've an open-source project that does this: https://github.com/osssanitizer/maloss

    I'm working on creating a CLI/web interface for this. Happy to chat (email in profile).
