Software Supply Chain Analysis

Analyze a repository, SBOM, or lockfile for dependency risk, OSV advisories, and vulnerable paths.

Start with demo data

Use a seeded project with vulnerable transitive dependencies and a complete blast-radius graph.

Paste a public GitHub repo

The app downloads the public archive and scans the supported dependency files it finds.

Upload an SBOM or lockfile

Supports CycloneDX JSON SBOMs and npm, pnpm, Python, Go, and Cargo dependency files for the first local pass.
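What the analysis does with an uploaded SBOM, shown as an added Python example that is not the app's own code: parse a CycloneDX JSON document into a dependency graph, enumerate every path from the root component to a vulnerable component (the "vulnerable paths"), and compute the blast radius, i.e. every component that transitively depends on a vulnerable one. The SBOM and the advisory table are constructed for illustration; the example assumes bom-refs are purls (real SBOMs may use arbitrary bom-refs, in which case the component's purl field should be used for lookups), and the OSV request body is shown for the batch endpoint at api.osv.dev/v1/querybatch but is built, not sent, so the script runs offline.

```python
"""Vulnerable paths and blast radius from a CycloneDX JSON SBOM (added example)."""
import json
from collections import defaultdict, deque

# Constructed CycloneDX 1.5 SBOM for a hypothetical npm project. Two direct
# dependencies share a transitive dependency that carries an advisory.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "pkg:npm/demo-app@1.0.0",
                               "name": "demo-app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:npm/web@2.0.0", "name": "web", "version": "2.0.0"},
        {"bom-ref": "pkg:npm/cli@1.1.0", "name": "cli", "version": "1.1.0"},
        {"bom-ref": "pkg:npm/parser@0.9.0", "name": "parser", "version": "0.9.0"},
        {"bom-ref": "pkg:npm/glob-lite@3.0.0", "name": "glob-lite", "version": "3.0.0"},
    ],
    "dependencies": [
        {"ref": "pkg:npm/demo-app@1.0.0", "dependsOn": ["pkg:npm/web@2.0.0", "pkg:npm/cli@1.1.0"]},
        {"ref": "pkg:npm/web@2.0.0", "dependsOn": ["pkg:npm/parser@0.9.0"]},
        {"ref": "pkg:npm/cli@1.1.0", "dependsOn": ["pkg:npm/parser@0.9.0"]},
        {"ref": "pkg:npm/parser@0.9.0", "dependsOn": ["pkg:npm/glob-lite@3.0.0"]},
        {"ref": "pkg:npm/glob-lite@3.0.0", "dependsOn": []},
    ],
})

# Constructed advisory table keyed by purl; the identifier is a placeholder,
# not a real advisory. In practice this comes back from an OSV query.
VULNERABLE_REFS = {"pkg:npm/glob-lite@3.0.0": ["EXAMPLE-ADVISORY-0001"]}


def load_graph(sbom_text):
    """Return (root_ref, adjacency) where adjacency maps a bom-ref to the
    bom-refs it depends on. Components without a 'dependencies' entry are leaves."""
    bom = json.loads(sbom_text)
    root = bom["metadata"]["component"]["bom-ref"]
    adjacency = {c["bom-ref"]: [] for c in bom.get("components", [])}
    adjacency.setdefault(root, [])
    for entry in bom.get("dependencies", []):
        adjacency[entry["ref"]] = list(entry.get("dependsOn", []))
    return root, adjacency


def vulnerable_paths(root, adjacency, vulnerable):
    """Every dependency path from root to a vulnerable component.
    Depth-first with an on-path check so cyclic graphs still terminate."""
    paths = []

    def walk(node, path):
        path = path + [node]
        if node in vulnerable:
            paths.append(path)
        for child in adjacency.get(node, []):
            if child not in path:  # cycle guard
                walk(child, path)

    walk(root, [])
    return paths


def blast_radius(adjacency, vulnerable):
    """Components that transitively depend on a vulnerable component
    (reverse-edge BFS from each vulnerable node)."""
    parents = defaultdict(set)
    for parent, children in adjacency.items():
        for child in children:
            parents[child].add(parent)
    affected = set()
    queue = deque(vulnerable)
    while queue:
        node = queue.popleft()
        for parent in parents.get(node, ()):
            if parent not in affected:
                affected.add(parent)
                queue.append(parent)
    return affected


def osv_querybatch_payload(refs):
    """Request body for POST https://api.osv.dev/v1/querybatch; OSV accepts a
    purl directly in the package object, so each bom-ref maps to one query."""
    return {"queries": [{"package": {"purl": ref}} for ref in sorted(refs)]}


def report(sbom_text, vulnerable):
    root, adjacency = load_graph(sbom_text)
    paths = vulnerable_paths(root, adjacency, vulnerable)
    return {"paths": [" -> ".join(p) for p in paths],
            "blast_radius": sorted(blast_radius(adjacency, set(vulnerable)))}


if __name__ == "__main__":
    result = report(SBOM_JSON, VULNERABLE_REFS)
    for line in result["paths"]:
        print(line)
    print("blast radius:", result["blast_radius"])
    print(json.dumps(osv_querybatch_payload(VULNERABLE_REFS)))
```

Two paths reach the flagged component here, which is the point of reporting paths rather than a flat list: a fix that bumps `parser` covers both, while a patch applied to only one direct dependency would leave the other path in place. The blast radius is the set of components that would need re-evaluation (and, for published packages, re-release) once the advisory is confirmed.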

Recent snapshots

Project            Source             Components  Findings  Imported
OWASP/NodeGoat     npm package-lock         1480       255  2026-04-26 21:21
openclaw/openclaw  GitHub repository        3701        91  2026-04-26 21:15
openclaw/openclaw  GitHub repository        3701        91  2026-04-26 21:11
acme-platform      Seeded demo                 9        13  2026-04-26 21:11
openclaw/openclaw  GitHub repository        3701        91  2026-04-26 20:42