awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

Scanner de vulnérabilités

Classement mis à jour le 30 juin 2026

For un scanner open source pour les vulnérabilités de sécurité, the strongest matches are coreos/clair (Clair is a dedicated container vulnerability scanner that analyzes), future-architect/vuls (Vuls is an agentless vulnerability scanner that cross-references multiple) and google/osv-scanner (osv-scanner is a software composition analysis tool that scans). anchore/grype and aquasecurity/trivy round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.

Nous sélectionnons les dépôts GitHub open-source correspondant à « open source vulnerability scanner ». Les résultats sont classés par pertinence par rapport à votre recherche — utilisez les filtres ci-dessous pour affiner, ou utilisez l'IA.

Scanner de vulnérabilités

Trouvez les meilleurs dépôts grâce à l'IA.Nous recherchons les dépôts les plus pertinents grâce à l'IA.
  • coreos/clairAvatar de coreos

    coreos/clair

    11,011Voir sur GitHub↗

    Clair is a container vulnerability scanner that performs static analysis of container images to identify known security vulnerabilities. It functions as an analyzer for OCI and Docker images, indexing their contents to detect security risks and outdated packages without requiring the containers to be running. The tool identifies vulnerabilities by matching indexed container components against security databases to find common vulnerabilities and exposures. This process involves analyzing filesystem layers to track the provenance and versioning of packages across the image hierarchy. The proj

    Clair is a dedicated container vulnerability scanner that analyzes container images for known CVEs and supports self-hosted deployment, CLI usage, and CI/CD integration, which squarely matches the need for scanning software dependencies and containers for security risks.

    GoContainer Security ScannersImage Vulnerability AssessmentsCVE Mapping
    Voir sur GitHub↗11,011
  • future-architect/vulsAvatar de future-architect

    future-architect/vuls

    12,185Voir sur GitHub↗

    Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines. The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins. The tool covers a broad range of securit

    Vuls is an agentless vulnerability scanner that cross-references multiple CVE databases, scans dependencies via lockfile analysis, and supports container and OS scanning, making it a comprehensive self-hostable CLI tool that fits your requirements for identifying and remediating risks.

    GoContainer Security ScannersDependency AuditingDependency Vulnerability Scanners
    Voir sur GitHub↗12,185
  • google/osv-scannerAvatar de google

    google/osv-scanner

    10,565Voir sur GitHub↗

    osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library. The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act

    osv-scanner is a software composition analysis tool that scans project dependencies and container images against the Open Source Vulnerabilities database (which includes CVE data), supports CI/CD integration, generates reports (including SARIF), and runs as a self-hostable CLI — directly matching this search's requirements for a vulnerability scanner.

    GoContainer Image Vulnerability ScannersDependency Vulnerability ScannersDependency Vulnerability Scanning
    Voir sur GitHub↗10,565
  • anchore/grypeAvatar de anchore

    anchore/grype

    12,423Voir sur GitHub↗

    Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security. The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sourc

    Grype is a command-line software composition analysis tool that scans container images, filesystems, and software manifests for known vulnerabilities using a cached database of security advisories from multiple sources, making it a thorough vulnerability scanner with support for CI/CD, dependency scanning, and report generation.

    GoContainer Security ScannersVulnerability Scanning
    Voir sur GitHub↗12,423
  • aquasecurity/trivyAvatar de aquasecurity

    aquasecurity/trivy

    36,462Voir sur GitHub↗

    Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai

    Trivy is a self-hostable CLI vulnerability scanner that integrates CVE databases, scans dependencies, containers, and infrastructure as code, and is built for CI/CD pipelines with reporting capabilities—exactly the comprehensive tool this search describes.

    GoContainer Security ScannersVulnerability Intelligence Feeds
    Voir sur GitHub↗36,462
  • bridgecrewio/checkovAvatar de bridgecrewio

    bridgecrewio/checkov

    8,798Voir sur GitHub↗

    Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security

    Checkov is an open-source static analysis and security scanner that covers infrastructure as code, container images, and dependencies via SCA, directly matching the need for a vulnerability scanner with CVE integration, CLI, and CI/CD support.

    PythonCI/CD Pipeline IntegrationsDependency Vulnerability ScannersDependency Vulnerability Scanning
    Voir sur GitHub↗8,798
  • quay/clairAvatar de quay

    quay/clair

    11,012Voir sur GitHub↗

    Clair is a container image vulnerability scanner and security analyzer. It performs static analysis of container images by matching package contents against vulnerability databases to identify security risks across different package formats and architectures. The project functions as both an image indexer and a vulnerability database manager. It processes container layers into intermediate representations to enable fast security lookups and synchronizes security metadata from multiple external sources to maintain a local registry. Capability areas include continuous security monitoring, whic

    Clair is a specialized container image vulnerability scanner that analyzes container layers against CVE databases, making it a strong fit for scanning containers and their dependencies, though it focuses solely on containers rather than broader project or system scanning.

    GoContainer Security ScannersImage Vulnerability AssessmentsVulnerability Scanning
    Voir sur GitHub↗11,012
  • oneredoak/claude-code-workflowsAvatar de OneRedOak

    OneRedOak/claude-code-workflows

    3,636Voir sur GitHub↗

    This project is a suite of automated tools and an LLM code review framework designed for design auditing, security scanning, and AI-driven code analysis. It functions as a developer workflow orchestrator that uses static analysis agents and agent-based workflows to automate pull request analysis and security audits. The system employs a dual-loop agent architecture to coordinate primary analysis and secondary verification, reducing false positives. It distinguishes itself through the use of browser automation to perform live UI component testing and verify frontend changes against accessibili

    This repository is an open-source workflow orchestrator that includes dependency vulnerability scanning, static analysis, and security scanning with CI/CD integration, making it a valid software vulnerability scanner—just one that also covers broader code review and design auditing tasks.

    CI Pipeline IntegrationsCI/CDDependency Vulnerability Scanning
    Voir sur GitHub↗3,636
  • snyk/snykAvatar de snyk

    snyk/snyk

    5,586Voir sur GitHub↗

    Snyk is an application security testing platform designed to identify and remediate vulnerabilities across source code, open-source dependencies, container images, and infrastructure-as-code configurations. It functions as a comprehensive security workflow automation tool, utilizing a static analysis engine and dependency graph mapping to detect security flaws and license compliance issues throughout the software development lifecycle. The platform distinguishes itself through agentic workflow orchestration and an automated remediation pipeline that generates and submits pull requests to patc

    Snyk CLI is a comprehensive open-source tool that scans dependencies, containers, and source code for vulnerabilities via CVE integration, offers CLI and CI/CD integration, generates reports, and supports self-hosted deployment through its broker proxy, making it a strong fit for this search.

    TypeScriptContainer Image Vulnerability ScannersDependency Vulnerability ScannersDependency Vulnerability Scanning
    Voir sur GitHub↗5,586
  • nvidia/skillspectorAvatar de NVIDIA

    NVIDIA/SkillSpector

    10,778Voir sur GitHub↗

    SkillSpector is a security scanner designed to detect vulnerabilities and malicious patterns in AI agent plugins and extensions before they are installed. It functions as a runtime guardrail that calculates numeric risk scores and assigns severity labels to provide installation recommendations or block risky external extensions. The project distinguishes itself by using language models to perform semantic code analysis, evaluating code intent and context to reduce false positives. It also employs fingerprint-based issue suppression to track and ignore previously accepted risks across repeated

    SkillSpector is a vulnerability scanner specialized for AI agent plugins and extensions, using semantic analysis and CVE-based detection – it fits the software vulnerability scanner category but is narrowly focused on one type of component rather than general projects, containers, or dependencies.

    PythonDependency Vulnerability Scanners
    Voir sur GitHub↗10,778
  • snyk/cliAvatar de snyk

    snyk/cli

    5,428Voir sur GitHub↗

    The Snyk CLI is a command-line security scanner that detects known vulnerabilities across open-source dependencies, proprietary application code, container images, and infrastructure-as-code configuration files. It also serves as a platform management tool, allowing users to configure organizations, users, SSO, and reporting from the terminal rather than the web dashboard. The CLI integrates directly into development workflows, enabling scanning within IDEs, build pipelines, and version control systems. It implements static analysis with interfile data flow analysis to find complex security f

    Snyk’s CLI is an open-source command-line vulnerability scanner that checks dependencies, containers, and code for known CVEs and integrates with CI/CD, but it depends on Snyk’s proprietary backend rather than being a fully self‑hostable scanner.

    TypeScriptCI/CDCI/CD Pipeline IntegrationsContainer Image Scanning
    Voir sur GitHub↗5,428
  • sonarsource/sonarqubeAvatar de SonarSource

    SonarSource/sonarqube

    10,259Voir sur GitHub↗

    SonarQube is a static code analysis platform used to scan source code and infrastructure scripts across multiple languages. It detects bugs, security vulnerabilities, and maintainability issues to ensure software meets reliability and security standards. The platform implements automated quality gates for continuous integration and delivery pipelines, verifying code against defined rules during merge or pull requests. It also integrates directly with code editors to provide real-time analysis results and quick-fix guidance during development. The system covers broad functional areas includin

    SonarQube is a self-hostable static code analysis platform that detects security vulnerabilities in source code and infrastructure scripts, and it offers CI/CD integration, CLI scanning, and reporting; while it covers software vulnerability scanning, its core focus is on static analysis rather than dedicated dependency or container image scanning, so it fits the category but falls short of a comprehensive vulnerability scanner for all the listed features.

    JavaCI/CD Pipeline Integrations
    Voir sur GitHub↗10,259
  • aboutcode-org/scancode-toolkitAvatar de aboutcode-org

    aboutcode-org/scancode-toolkit

    2,567Voir sur GitHub↗

    ScanCode Toolkit is a software composition analysis tool and scanning framework designed to identify open-source licenses and copyright statements in source code and binary files. It functions as an open-source license detector, a dependency vulnerability scanner, and a generator for standardized software bills of materials in SPDX and CycloneDX formats. The project is built as a plugin-based scanning framework, allowing the integration of custom detection logic, specialized analyzers, and modified scanning behaviors at runtime. It distinguishes itself through the ability to produce formal le

    ScanCode Toolkit is a software composition analysis tool that includes dependency vulnerability scanning and generates SBOMs, making it a solid fit for a self-hostable CLI scanner with CI/CD integration and report generation, though container scanning is not its primary focus.

    PythonDependency Vulnerability ScannersDependency Vulnerability Scanning
    Voir sur GitHub↗2,567
  • dependencytrack/dependency-trackAvatar de DependencyTrack

    DependencyTrack/dependency-track

    3,612Voir sur GitHub↗

    Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components. The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity

    Dependency-Track is a software composition analysis platform that specializes in scanning dependencies and supply chain risk using SBOMs, with built-in CVE database mirroring, self-hosting, and CI/CD integration — exactly what this search needs, though container image scanning is not a primary focus.

    JavaDependency Vulnerability ScanningVulnerability Database APIs
    Voir sur GitHub↗3,612
  • bearer/bearerAvatar de Bearer

    Bearer/bearer

    2,566Voir sur GitHub↗

    Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co

    Bearer is a static analysis security testing tool that scans source code for vulnerabilities, secrets, and privacy leaks — a genuine software vulnerability scanner for your projects, though it does not cover dependency or container image scanning as built-in features.

    GoCI/CDCI/CD Pipeline Integrations
    Voir sur GitHub↗2,566
  • armosec/kubescapeAvatar de armosec

    armosec/kubescape

    11,482Voir sur GitHub↗

    Kubescape is a security platform for Kubernetes that provides tools for scanning clusters, configurations, and container images against industry compliance and security benchmarks. It functions as a suite of security utilities, including a compliance auditor, a misconfiguration scanner, and a container vulnerability scanner. The project differentiates itself through automated remediation and active enforcement. It can automatically patch operating system vulnerabilities in images and fix security errors within manifest files. It also utilizes an admission controller to block the deployment of

    Kubescape is a Kubernetes-focused security platform that scans container images for known vulnerabilities (CVE database), misconfigurations, and compliance issues, meeting the requirement for a self-hostable CLI tool with CI/CD integration even though its scope is limited to container and cluster scanning rather than general software dependency analysis.

    GoVulnerability Scanning
    Voir sur GitHub↗11,482
  • projectdiscovery/nucleiAvatar de projectdiscovery

    projectdiscovery/nuclei

    29,189Voir sur GitHub↗

    Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets. The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ

    Nuclei is a template-driven vulnerability scanner that detects known CVEs and misconfigurations across network protocols and services, fitting the core need for automated vulnerability identification, though it lacks dedicated software dependency scanning and container image analysis features requested.

    GoVulnerability DatabasesVulnerability Scanning
    Voir sur GitHub↗29,189
  • bitsadmin/wesngAvatar de bitsadmin

    bitsadmin/wesng

    4,881Voir sur GitHub↗

    This project is a set of specialized utilities for Windows vulnerability assessment and patch management auditing. It functions as a vulnerability scanner and exploit suggester that analyzes installed updates to identify missing security patches and their corresponding known vulnerabilities. The system distinguishes itself by matching missing updates against a consolidated vulnerability database to recommend specific publicly available exploits. It maintains accuracy by synchronizing remote security bulletins into a local database and cross-referencing identified gaps against official update

    wesng is a Windows-specific vulnerability scanner that identifies missing security patches and maps them to known CVEs and exploits, which fits the core need of scanning for vulnerabilities but does not cover dependency or container image scanning as required.

    PythonWindows Vulnerability AssessmentsExploit MappingExploit Recommendations
    Voir sur GitHub↗4,881
  • docker/scout-cliAvatar de docker

    docker/scout-cli

    450Voir sur GitHub↗

    Docker Scout CLI

    Docker Scout CLI is a container image vulnerability scanner that uses CVE data, generates SBOMs and reports, and works from the command line with CI/CD integration, making it a good fit for scanning containers and their dependencies, though its focus is narrower than general software project scanning.

    ShellImage Scanning and SBOM
    Voir sur GitHub↗450
  • openscap/openscapAvatar de OpenSCAP

    OpenSCAP/openscap

    1,669Voir sur GitHub↗

    OpenSCAP is a system and container vulnerability scanner that uses SCAP standards for compliance and CVE-based scanning, making it a genuine vulnerability scanner, though it lacks dedicated dependency scanning for software projects.

    XSLTCompliance and MonitoringImage Scanning and SBOMSecurity & Privacy
    Voir sur GitHub↗1,669
Comparez le top 10 en un coup d'œil
DépôtStarsLangageLicenceDernier push
coreos/clair11KGoApache-2.016 juin 2026
future-architect/vuls12.2KGoGPL-3.017 juin 2026
google/osv-scanner10.6KGoApache-2.022 juin 2026
anchore/grype12.4KGoApache-2.016 juin 2026
aquasecurity/trivy36.5KGoApache-2.016 juin 2026
bridgecrewio/checkov8.8KPythonApache-2.015 juin 2026
quay/clair11KGoApache-2.016 juin 2026
oneredoak/claude-code-workflows3.6K—mit14 sept. 2025
snyk/snyk5.6KTypeScriptNOASSERTION17 juin 2026
nvidia/skillspector10.8KPythonApache-2.025 juin 2026

Related searches

  • un scanner de sécurité automatisé pour applications web
  • un antivirus open source pour la protection du système
  • plateforme de gestion des vulnérabilités
  • Scan de vulnérabilités et de dépendances
  • an open source tool for network security
  • un scanner internet auto-hébergé
  • un scanner de sécurité applicative dynamique (DAST)
  • scanner de vulnérabilités pour conteneurs