Software Supply Chain Analysis

Analyze a repository, SBOM, or lockfile for dependency risk, OSV advisories, and vulnerable paths.

Start with demo data

Use a seeded project with vulnerable transitive dependencies and a complete blast-radius graph.

Paste a public GitHub repo

The app downloads the public archive and scans the supported dependency files it finds.

Upload an SBOM or lockfile

Supports CycloneDX JSON, npm, pnpm, Python, Go, and Cargo files for the first local pass.

Recent snapshots

Project                        Source              Components  Findings  Imported
gchq/CyberChef                 npm package-lock          1483        15  2026-05-14 03:19
zeek/zeek                      GitHub repository           12         0  2026-05-14 03:17
openai/openai-agents-python    GitHub repository          245        37  2026-05-05 15:14
snyk/goof                      npm package-lock          1275       268  2026-05-05 15:11
openclaw/openclaw              GitHub repository         3710        91  2026-05-05 14:38
openclaw/openclaw              GitHub repository         3710        91  2026-05-05 14:23
openai/chatkit-python          GitHub repository           91        15  2026-05-01 18:18
openai/openai-agents-python    GitHub repository          245        37  2026-05-01 18:17
openai/frontier-evals          GitHub repository          870       183  2026-05-01 18:15
openai/euphony                 GitHub repository          388         0  2026-05-01 18:14