

An open source tool focused on software supply chain security.

MurphySec CLI detects vulnerable dependencies from the command line and can also be integrated into your CI/CD pipeline. It currently supports Java, JavaScript, and Golang; other development languages will be supported gradually in the future.

How it works:

1. MurphySec CLI obtains your project's dependency information mainly by building the project or by parsing its package manifest files.

2. The project's dependency information is uploaded to the server, and the dependencies with security issues are identified using the vulnerability knowledge base maintained by MurphySec.
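
The two steps above, sketched for a JavaScript project as an added example; this is not MurphySec's code or API. The function names, the sample `package-lock.json`, and the `kb` map standing in for a vulnerability knowledge base are all constructed for illustration, and the matching runs locally here instead of on a server.

```javascript
// Constructed package-lock.json (lockfileVersion 3); names and versions are made up.
const sampleLock = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/tiny-http": { version: "2.4.1" },
    "node_modules/tiny-http/node_modules/qs-lite": { version: "0.9.3" },
    "node_modules/@demo/logfmt": { version: "3.0.0", dev: true },
  },
});

// Step 1: flatten the lockfile into an inventory, including nested (transitive) copies.
function inventory(lockText) {
  const { packages = {} } = JSON.parse(lockText);
  const marker = "node_modules/";
  return Object.entries(packages)
    .filter(([path]) => path !== "") // "" is the root project itself
    .map(([path, meta]) => ({
      name: path.slice(path.lastIndexOf(marker) + marker.length),
      version: meta.version,
      path, // kept so a finding can be traced back to the parent that pulled it in
    }));
}

// Numeric compare of plain MAJOR.MINOR.PATCH versions; pre-release tags are out of scope.
function older(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i];
  }
  return false;
}

// Step 2: report every dependency older than the fixed version the knowledge base lists.
function match(deps, kb) {
  return deps.filter((d) => kb.has(d.name) && older(d.version, kb.get(d.name)));
}

// Constructed advisory data: package name -> first fixed version.
const kb = new Map([["qs-lite", "0.10.0"], ["@demo/logfmt", "3.0.0"]]);
console.log(match(inventory(sampleLock), kb));
```

Only `qs-lite` is reported: it never appears as a direct dependency, and a string comparison of `0.9.3` against `0.10.0` would have missed it.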