Use our Command Line Interface to scan quickly, or automate your scans using our plugins for Maven, Gradle, Jenkins and Travis CI and our source code management agent.
Your source code never leaves your network, and your results are always encrypted when being transmitted and stored.
Run your analysis against repos, branches, tags or any combination. We discover which libraries are in use, all of their dependencies, where they came from, who wrote them, how they are licensed and, of course, whether they have any vulnerabilities.
Our vulnerability data combines public vulnerability feeds with data science and machine learning. We have the most comprehensive data in the industry.
A library might be vulnerable, but you may not be exposed. Our method-level analysis focuses on issues that actually matter.
Get concise, actionable guidance, including technical teardowns, exploit code and test scripts. Make the fixes part of your workflow through our JIRA integration or leverage our issue tracker API.
Public vulnerability databases contain a small fraction of the vulnerabilities that exist in the world’s open-source libraries. Relying solely on public databases exposes you to real risks.
To build the most comprehensive vulnerability data possible, we supplement public databases with data we extract from the millions of libraries that we sync, track and analyze. Using some nifty data science, we have built the world’s most comprehensive registry of open-source security information.
Install an agent, complete your first repo scan and we'll send you a free SourceClear t-shirt.