# Vulnerability and Dependency Scanning

> Search results for `Vulnerability and Dependency Scanning` on awesome-repositories.com. 110 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/vulnerability-and-dependency-scanning

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/vulnerability-and-dependency-scanning).**

## Results

- [chalarangelo/30-seconds-of-code](https://awesome-repositories.com/repository/chalarangelo-30-seconds-of-code.md) (128,121 ⭐) — 30-seconds-of-code is a comprehensive knowledge base and programming snippet library designed to support software engineering education and professional development. It provides a curated collection of reusable code units and technical guides that help developers master core language mechanics, design patterns, and architectural philosophies.

  The project distinguishes itself by offering a wide-ranging library of algorithmic solutions and web development patterns that are organized into modular, independently testable units. It emphasizes functional programming paradigms and declarative logic,
- [google/osv-scanner](https://awesome-repositories.com/repository/google-osv-scanner.md) (10,565 ⭐) — osv-scanner is a software composition analysis tool and vulnerability scanner that checks project dependencies and container images against the Open Source Vulnerabilities database. It functions as a dependency remediation tool and can be integrated into custom Go applications as a programmable security library.

  The project distinguishes itself through a remediation workflow that includes an interactive terminal user interface and automated scripting for upgrading vulnerable packages in lockfiles and manifests. It employs call-graph reachability analysis to determine if vulnerable code is act
- [projectdiscovery/subfinder](https://awesome-repositories.com/repository/projectdiscovery-subfinder.md) (13,105 ⭐) — Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint.

  The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
- [quarkusio/quarkus](https://awesome-repositories.com/repository/quarkusio-quarkus.md) (15,479 ⭐) — Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments.

  The framework distinguishes itself through a unified approach to reactive and imperative program
- [projectdiscovery/nuclei](https://awesome-repositories.com/repository/projectdiscovery-nuclei.md) (29,189 ⭐) — Nuclei is a modular security scanning framework designed for automated vulnerability detection and infrastructure reconnaissance. It functions as a template-driven engine that executes security checks across diverse network protocols, allowing users to define custom detection logic to identify vulnerabilities, misconfigurations, and exposed assets.

  The platform distinguishes itself through its highly extensible architecture, which supports distributed scanning, headless browser automation for dynamic web content, and out-of-band interaction monitoring to detect blind vulnerabilities. It integ
- [lucasg/dependencies](https://awesome-repositories.com/repository/lucasg-dependencies.md) (11,607 ⭐) — Dependencies is a static analysis utility designed to inspect Windows portable executable files and map their library dependency hierarchies. It functions as a diagnostic interface for validating library imports and identifying the specific modules required for an application to execute on a Windows system.

  The tool distinguishes itself by performing deep binary analysis, including the resolution of complex Windows API set schemas and forwarded export redirections. It identifies libraries loaded on demand through delay-load module analysis and performs recursive traversal to map the full tree
- [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments.

  The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
- [keygraphhq/shannon](https://awesome-repositories.com/repository/keygraphhq-shannon.md) (44,672 ⭐) — Shannon is an integrated security platform designed for autonomous penetration testing, static and dynamic analysis, and automated vulnerability remediation within self-hosted, private infrastructure. It functions as a unified security suite that orchestrates the entire lifecycle of vulnerability management, from initial discovery and reachability prioritization to the generation and verification of code-level patches.

  The platform distinguishes itself through its agentic approach to security, deploying autonomous agents to execute both black-box and white-box exploits against running applica
- [aidenybai/react-scan](https://awesome-repositories.com/repository/aidenybai-react-scan.md) (21,370 ⭐) — React Scan is a diagnostic utility and performance auditor designed to monitor the rendering lifecycle of components within user interfaces. It functions as an automated analysis tool that tracks component re-render cycles and execution timing to identify performance bottlenecks in real time.

  The tool distinguishes itself by providing visual feedback through a persistent overlay injected directly into the application. By instrumenting the reconciliation process and observing component state and props, it highlights specific rendering patterns that contribute to performance degradation.

  This
- [actions/starter-workflows](https://awesome-repositories.com/repository/actions-starter-workflows.md) (11,694 ⭐) — This project provides a comprehensive library of standardized workflow templates designed to automate continuous integration, deployment, and repository maintenance tasks. By offering a collection of pre-configured blueprints, it enables developers to initialize and manage automated pipelines for diverse programming languages and platforms using declarative configuration files.

  The repository functions as a centralized resource for bootstrapping automation, allowing teams to inject repository-specific metadata and dynamic variables into standardized templates. This approach ensures consistent
- [future-architect/vuls](https://awesome-repositories.com/repository/future-architect-vuls.md) (12,185 ⭐) — Vuls is an agentless vulnerability scanner and CVE intelligence aggregator. It identifies security flaws in operating systems, containers, and network devices without requiring the installation of permanent software agents on target machines.

  The project distinguishes itself by cross-referencing software versions against multiple vulnerability databases, security advisories, and known exploit catalogs. It utilizes platform-based enumeration and lockfile analysis to detect vulnerabilities in network hardware, programming libraries, and website plugins.

  The tool covers a broad range of securit
- [multilang-depends/depends](https://awesome-repositories.com/repository/multilang-depends-depends.md) (253 ⭐) — Depends is a fast, comprehensive code dependency analysis tool
- [spaceraccoon/npm-scan](https://awesome-repositories.com/repository/spaceraccoon-npm-scan.md) (50 ⭐) — An extensible, heuristic-based vulnerability scanning tool for installed npm packages
- [addyosmani/agent-skills](https://awesome-repositories.com/repository/addyosmani-agent-skills.md) (60,849 ⭐) — Agent-skills is a collection of structured instructions and behavioral personas designed to standardize how AI coding agents perform engineering tasks. It functions as a workflow orchestrator that maps natural language intent to repeatable technical sequences and verification checklists.

  The project distinguishes itself through the use of specialized markdown-defined roles, such as security auditors or test engineers, to apply targeted domain expertise. It employs an evidence-based verification model that requires runtime data or passing tests as mandatory exit criteria to ensure AI-generated
- [dependencytrack/dependency-track](https://awesome-repositories.com/repository/dependencytrack-dependency-track.md) (3,612 ⭐) — Dependency-Track is a software composition analysis tool and vulnerability management system designed to track dependencies and supply chain risk. It functions as a platform for ingesting and analyzing CycloneDX software bills of materials to identify known vulnerabilities and license compliance issues within third-party software components.

  The system distinguishes itself by mirroring external vulnerability databases locally to enable fast offline analysis and using VEX documents to differentiate between technical vulnerabilities and actual contextual risks. It also integrates with identity
- [lirantal/npm-security-best-practices](https://awesome-repositories.com/repository/lirantal-npm-security-best-practices.md) (1,178 ⭐) — This project provides a comprehensive framework for securing the software supply chain within the Node.js ecosystem. It focuses on mitigating risks associated with third-party dependencies by implementing technical controls and governance policies designed to prevent malicious code injection and ensure the integrity of the development environment.

  The guide distinguishes itself by offering specific hardening techniques for package management, such as disabling automatic execution of lifecycle scripts and enforcing strict registry-scoped dependency routing to prevent dependency confusion. It e
- [kubescape/kubescape](https://awesome-repositories.com/repository/kubescape-kubescape.md) (11,489 ⭐) — Kubescape is a Kubernetes security posture management platform designed to scan clusters, manifests, and images for misconfigurations, vulnerabilities, and compliance risks. It functions as a comprehensive security suite incorporating a compliance scanner, a container image vulnerability scanner, an admission controller for policy enforcement, and a runtime security monitor.

  The platform distinguishes itself through runtime-aware vulnerability filtering, which maps libraries loaded in memory to determine if vulnerabilities are actually reachable. It also integrates with AI assistants via a Mo
- [security-code-scan/security-code-scan](https://awesome-repositories.com/repository/security-code-scan-security-code-scan.md) (975 ⭐) — Vulnerability Patterns Detector for C# and VB.NET
- [oven-sh/bun](https://awesome-repositories.com/repository/oven-sh-bun.md) (93,257 ⭐) — Bun is a high-performance runtime environment designed to execute JavaScript and TypeScript applications with minimal latency and high throughput. Built on a native core implemented in Zig, it provides a unified execution engine that leverages JavaScriptCore for efficient memory management and low-latency startup. The project functions as an all-in-one toolchain, integrating a native bundler, transpiler, package manager, and test runner into a single command-line interface.

  What distinguishes Bun is its focus on native system integration and developer productivity. It features a high-performa
- [npm/cli](https://awesome-repositories.com/repository/npm-cli.md) (9,846 ⭐) — This project is a command line interface for managing, installing, and publishing JavaScript packages to a remote registry. It serves as a dependency resolution tool, a software registry publishing client, and a security auditor for Node.js development workflows.

  The tool distinguishes itself by providing integrated monorepo workspace management and a comprehensive registry authentication client that supports multi-factor authentication. It enables detailed control over the software supply chain through provenance attestations, package signature verification, and the generation of a Software
- [owasp/cheatsheetseries](https://awesome-repositories.com/repository/owasp-cheatsheetseries.md) (32,298 ⭐) — The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems.

  What distinguishes this project is its decentral
- [albuch/sbt-dependency-check](https://awesome-repositories.com/repository/albuch-sbt-dependency-check.md) (266 ⭐) — SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
- [nvidia/nemo-guardrails](https://awesome-repositories.com/repository/nvidia-nemo-guardrails-2.md) (6,453 ⭐) — NeMo-Guardrails is a toolkit for adding programmable safety constraints and dialogue boundaries to large language model conversational systems. It functions as security middleware that intercepts inputs and outputs to block prompt injections, jailbreaks, and sensitive data leaks, while providing a conversational dialogue manager to define structured interaction flows through configuration files.

  The framework includes a hallucination filter to screen model outputs for factual accuracy and a specialized modeling language for defining conversational flows and constraints. It provides capabiliti
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

  The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [voltagent/awesome-claude-code-subagents](https://awesome-repositories.com/repository/voltagent-awesome-claude-code-subagents.md) (21,906 ⭐) — This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability.

  The framework distinguishes itself through its hierarchical agent registry and policy-driven
- [zhyfeng/dependency](https://awesome-repositories.com/repository/zhyfeng-dependency.md) (25 ⭐) — This artifact is for paper "Demystifying the Dependency Challenge in Kernel Fuzzing". Fuzz testing operating system kernels remains a daunting task to date. One known challenge is that much of the kernel code is locked under specific kernel states and current kernel fuzzers are not effective in…
- [openhands/openhands](https://awesome-repositories.com/repository/openhands-openhands.md) (77,330 ⭐) — OpenHands is an autonomous agent framework designed for software engineering workflows. It provides a modular platform for orchestrating AI agents that reason, plan, and execute tasks within isolated, containerized development environments. By integrating with standard version control and development tools, the system enables agents to autonomously navigate codebases, implement features, and resolve issues through iterative reasoning and tool execution.

  The platform distinguishes itself through a model-agnostic orchestrator that connects diverse language models to a unified tool registry. It
- [hadarmanor/public-vulnerabilities](https://awesome-repositories.com/repository/hadarmanor-public-vulnerabilities.md) (14 ⭐) — All my public vulnerabilities.
- [github/opensource.guide](https://awesome-repositories.com/repository/github-opensource-guide.md) (15,530 ⭐) — This project serves as a comprehensive repository of best practices and documentation standards for managing open source software. It provides a foundational framework for establishing project governance, defining contributor roles, and structuring the lifecycle of collaborative software development. By centralizing knowledge on community building and operational transparency, it acts as a guide for launching, maintaining, and scaling healthy software projects.

  The project distinguishes itself by offering actionable strategies for the human and organizational aspects of software development t
- [vulnerscom/nmap-vulners](https://awesome-repositories.com/repository/vulnerscom-nmap-vulners.md) (3,381 ⭐) — NSE script based on Vulners.com API
- [nasa/fprime](https://awesome-repositories.com/repository/nasa-fprime.md) (10,766 ⭐) — F Prime is a component-based framework designed for the development and deployment of embedded and spaceflight software. It provides a modular architecture that decouples software logic from communication interfaces, allowing developers to define system structures through a domain-specific modeling language. This model-based approach enables automated code generation, ensuring consistency across complex system topologies while maintaining strict interface contracts between software modules.

  The framework distinguishes itself through its integrated build system and ground data operations suite
- [punkpeye/awesome-mcp-servers](https://awesome-repositories.com/repository/punkpeye-awesome-mcp-servers.md) (89,264 ⭐) — This project serves as a centralized directory and interoperability hub for the Model Context Protocol, providing a curated collection of standardized service connectors that bridge artificial intelligence models with external software, databases, and APIs. It facilitates the integration of AI agents with diverse ecosystems by offering a registry of machine-readable interface definitions that enable dynamic tool discovery and structured context injection.

  The directory distinguishes itself by focusing on the protocol-based interoperability required for autonomous AI agents to interact with he
- [marcguilera/dependencies.dart](https://awesome-repositories.com/repository/marcguilera-dependencies-dart.md) (31 ⭐) — This is a simple and flexible dependency injection container for dart.
- [pumasecurity/puma-scan](https://awesome-repositories.com/repository/pumasecurity-puma-scan.md) (449 ⭐) — Puma Scan is a .NET software secure code analysis tool providing real time, continuous source code analysis as development teams write code. In Visual Studio, vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs…
- [asyncfuncai/deepwiki-open](https://awesome-repositories.com/repository/asyncfuncai-deepwiki-open.md) (14,362 ⭐) — This platform is an automated documentation and codebase analysis system designed to generate structured wikis, technical guides, and interactive diagrams from source code repositories. It functions as a retrieval-augmented generation framework that connects codebases to language models, enabling context-aware answers, deep research, and automated documentation updates through semantic vector search.

  The system distinguishes itself through a self-hosted, containerized architecture that supports both cloud-based and local AI model execution. It provides sophisticated model orchestration, allow
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

  The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchro
- [google/osv.dev](https://awesome-repositories.com/repository/google-osv-dev.md) (2,494 ⭐) — OSV is a distributed database and aggregator of open-source security advisories that uses a standardized vulnerability schema to track security flaws. It functions as a system for collecting and normalizing security data from diverse ecosystems into a single unified format, providing a web API for querying package vulnerabilities and submitting standardized records.

  The project distinguishes itself through a security advisory distribution service that supports bulk dataset exports via cloud storage buckets and incremental synchronization of security record updates. It also employs sandbox-bas
- [sverweij/dependency-cruiser](https://awesome-repositories.com/repository/sverweij-dependency-cruiser.md) (6,804 ⭐) — Validate and visualise dependencies. With your rules. JavaScript. TypeScript. CoffeeScript. ES6, CommonJS, AMD.
- [cr0hn/vulnerable-node](https://awesome-repositories.com/repository/cr0hn-vulnerable-node.md) (487 ⭐) — A very vulnerable web site written in NodeJS, with the purpose of having a project with identified vulnerabilities to test the quality of security analyzer tools
- [jpetrie/fetch-dependency](https://awesome-repositories.com/repository/jpetrie-fetch-dependency.md) (4 ⭐) — Configuration-time dependency management for CMake.
- [viatsko/awesome-vscode](https://awesome-repositories.com/repository/viatsko-awesome-vscode.md) (28,754 ⭐) — This project is a curated directory of resources, extensions, and themes designed to extend the functionality of the Visual Studio Code editor. It serves as a comprehensive index for developers seeking to enhance their coding environment, offering a structured collection of community-driven tools that streamline development workflows and improve editor productivity.

  The directory distinguishes itself by organizing a vast ecosystem of plugins into logical categories, ranging from language-specific intelligence and version control integrations to advanced productivity utilities. It highlights t
- [bishopfox/iam-vulnerable](https://awesome-repositories.com/repository/bishopfox-iam-vulnerable.md) (574 ⭐) — Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
- [minio/minio](https://awesome-repositories.com/repository/minio-minio.md) (60,346 ⭐) — MinIO is a software-defined, cloud-native object storage server designed to manage large volumes of unstructured data. It functions as a distributed storage cluster that aggregates multiple independent nodes into a unified, scalable pool, providing a high-performance infrastructure compatible with standard cloud storage protocols and application programming interfaces.

  The system utilizes a shared-nothing architecture that eliminates central metadata servers, relying instead on a decentralized hash table to map objects across the cluster. Data availability and resilience are maintained throug
- [aboutcode-org/scancode-toolkit](https://awesome-repositories.com/repository/aboutcode-org-scancode-toolkit.md) (2,567 ⭐) — ScanCode Toolkit is a software composition analysis tool and scanning framework designed to identify open-source licenses and copyright statements in source code and binary files. It functions as an open-source license detector, a dependency vulnerability scanner, and a generator for standardized software bills of materials in SPDX and CycloneDX formats.

  The project is built as a plugin-based scanning framework, allowing the integration of custom detection logic, specialized analyzers, and modified scanning behaviors at runtime. It distinguishes itself through the ability to produce formal le
- [18f/domain-scan](https://awesome-repositories.com/repository/18f-domain-scan.md) (388 ⭐) — A lightweight scan pipeline for orchestrating third party tools, at scale and (optionally) using serverless infrastructure.
- [valeriansaliou/sonic](https://awesome-repositories.com/repository/valeriansaliou-sonic.md) (21,249 ⭐) — Sonic is a high-performance, lightweight search backend designed to provide real-time full-text search and autocomplete capabilities for applications. It functions as a persistent indexing server that maps text terms to object identifiers, allowing developers to integrate rapid search functionality without storing raw document content directly within the search engine.

  The system distinguishes itself through a specialized graph-based index that enables real-time word prediction and typo correction. Communication is handled via a custom, low-latency binary protocol over raw TCP sockets, which
- [vulnerscom/burp-vulners-scanner](https://awesome-repositories.com/repository/vulnerscom-burp-vulners-scanner.md) (897 ⭐) — Vulnerability scanner based on vulners.com search API
- [fastapi/fastapi](https://awesome-repositories.com/repository/fastapi-fastapi.md) (99,260 ⭐) — FastAPI is a web framework for building APIs with Python. It leverages standard language type hints to provide automatic data validation, request parsing, and interactive API documentation generation. The framework supports asynchronous request handling and manages execution contexts to prevent blocking the main event loop.

  The project includes a dependency injection system that allows for the resolution and injection of reusable components into request handlers. This system supports request-scoped caching, lifecycle management, and integration with security mechanisms like OAuth2 and JSON We
- [owasp/top10](https://awesome-repositories.com/repository/owasp-top10.md) (5,273 ⭐) — This project is a web application security standard and vulnerability framework. It provides a comprehensive list of the most critical security risks facing web applications, paired with technical guidance and a structured methodology for identifying and mitigating these flaws.

  The framework functions as a secure coding guide and a risk assessment methodology, offering a standardized approach to prioritizing vulnerabilities based on their potential impact and likelihood of exploitation. It defines architectural patterns and technical recommendations to help developers implement defense in dep
- [analysis-tools-dev/static-analysis](https://awesome-repositories.com/repository/analysis-tools-dev-static-analysis.md) (14,389 ⭐) — This project is a comprehensive, curated directory of static analysis, linting, and security scanning utilities. It serves as a central resource for developers to discover, compare, and select tools based on specific programming languages, licensing models, and integration requirements.

  The directory distinguishes itself by providing deep metadata for each listed utility, including community-driven popularity rankings, maintenance status, and deployment methods. By aggregating these tools into a single searchable index, it enables teams to identify solutions for enforcing coding standards, ma
