Open-source supply-chain security scanner for npm, PyPI, Cargo, Go, RubyGems, Composer, NuGet, Docker, VS Code extensions, GitHub Actions, IaC and Solana C2. Detects GlassWorm, Shai-Hulud and 180+ threat indicators. CycloneDX SBOMs, SLSA verification, attack-chain correlation.

5 stars 3 forks 5 watchers TypeScript Apache License 2.0
cli cyclonedx devsecops docker elvatis github-action glassworm golang malware-detection npm pypi rust sarif sbom scanner security slsa supply-chain threat-intelligence
8 Open Issues Need Help Last updated: Jul 2, 2026

Open Issues Need Help

enhancement help wanted

documentation good first issue

documentation good first issue

documentation good first issue

good first issue

good first issue

good first issue

good first issue ecosystem
