Open-source way to scan dependencies for CVEs?

This page summarizes the projects mentioned and recommended in the original post on /r/golang.

  • pip-audit

    Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

    Something like Python's pip-audit. For commercial solutions, I know there's Snyk and JFrog we can always purchase, but I'm interested to see if there's an open-source tool that can do this.

  • nancy

    A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index (by sonatype-nexus-community)

    Please check https://github.com/sonatype-nexus-community/nancy

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.
