- trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
- syft: CLI tool and library for generating a Software Bill of Materials from container images and filesystems
I've done some work in this space but not specifically on source code. A tool you could try out is Trivy from AquaSecurity. The filesystem scan option might work and can output SBOMs (here's the doc page). Using Trivy for Docker images has worked quite well for me thus far, so hopefully you have some luck using their filesystem or git repository options!
Have a look at https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html. They have plans for C++: https://github.com/google/osv.dev/issues/783