Open Source is awesome! For the past years, open source has been proven to reduce development effort and enable developers to focus on business logic rather than reinventing the wheel. We can't see our lives without open source anymore. In fact, we have a few open source projects of our own. Check them out!

But every coin has two sides and along with all the benefits there are some thorns. Vulnerabilities can be distributed through direct or indirect usage of open source code. You can find yourself vulnerable even when using a very popular library, without even knowing. Knowing is better than not knowing. And being able to remediate is even better.

We provide all this in Spectral Open Source.

Scan for open source vulnerabilities in your repositories by running the open source engine:
spectral scan --engines oss

Languages and package managers support

We support the following ecosystems and package managers:

C, C++ (conan)
Dart (pubs)
Dotnet (deps.json)
Objective-C (cocoapods)
Elixir (mix)
Erlang (rebar3)
Go (go.mod, Go binaries)
Haskell (cabal, stack)
Java (jar, ear, war, par, sar, nar, native-image)
JavaScript (npm, yarn)
Jenkins Plugins (jpi, hpi)
Nix (outputs in /nix/store)
PHP (composer)
Python (wheel, egg, poetry, requirements.txt)
Ruby (gem)
Rust (cargo.lock)
Swift (cocoapods)