PyRank

SCA Python Packages

Python packages with the GitHub topic sca. Sorted by relevance, with stars and monthly downloads.
cycodehq
cycode

Boost security in your dev lifecycle via SAST, SCA, Secrets & IaC scanning

135K 98 64
aboutcode-org
scancode-toolkit

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

88K 3K 725
duriantaco
ca9

Open source Python CVE reachability analysis for evidence-backed SCA triage. Turn Snyk, Dependabot, Trivy, pip-audit, and OSV alerts into fix, suppress, or investigate decisions.

67K 5 0
appthreat
appthreat-vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers.

28K 140 22
owasp-dep-scan
owasp-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

18K 1K 131
owasp-dep-scan
ds-analysis-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

15K 1K 131
owasp-dep-scan
ds-xbom-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

15K 1K 131
owasp-dep-scan
ds-reporting-lib

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

15K 1K 131
aboutcode-org
aboutcode-pipeline

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and other generous sponsors!

8K 201 191
appthreat
appthreat-depscan

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container images are supported as the input, and the tool is ideal for integration.

7K 1K 131
aboutcode-org
scancode-toolkit-mini

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

4K 3K 725
prancer-io
prancer-basic

prancer platform is an IaC Security engine + Continuous Compliance for your cloud (Azure, AWS, GCP) and Kubernetes environment

4K 122 30
aboutcode-org
scancodeio

ScanCode.io is a server to script and automate software composition analysis with pipelines. This project is sponsored by the European Commission, NLnet NGI0, the Google Summer of Code, nexB and other generous sponsors!

3K 201 191
rohaquinlop
immunipy

A Python SCA tool that acts as a watchdog, keeping an eye out for security vulnerabilities and reporting them promptly, written in Rust.

2K 10 2
trustsource
ts-scan

TrustSource Packages Scanner

2K 7 4
nexB
licensedcode-index

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

2K 3K 726
aboutcode-org
aboutcode-api-auth

Automate open source license compliance and ensure software supply chain integrity

1K 45 21
FiniteStateInc
finite-state-sdk

Python SDK for the Finite State Platform API

1K 4 1
nexB
licensedcode-data

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet, the Google Summer of Code, Azure credits, nexB and other generous sponsors!

1K 3K 726
owasp-dep-scan
ds-server-lib

Server library for owasp depscan

933 1K 131
tilakthimmappa
pyraider

Using PyRaider, you can scan installed dependencies for known security vulnerabilities. It uses a database of publicly known exploits and vulnerabilities.

899 18 0
J08nY
pyecsca

Python Elliptic Curve Side-Channel Analysis toolkit.

653 64 16
zkarpinski
codeinsight-sdk

A Python client for Revenera Code Insight

548 2 1
appthreat
appthreat-vulndb

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.2, purl, and vers.

460 140 22
    • Data from PyPI, GitHub, ClickHouse, and BigQuery