Sandworm
Easy Security & License Audits For JavaScript And PHP Dependencies

What is Sandworm?

Sandworm performs static and dynamic analysis of millions of code packages to identify security vulnerabilities and license compliance issues within software supply chains. The platform generates detailed audit reports that cover security vulnerabilities, license permissions, metadata issues, and dependency visualization.

The tool supports multiple package managers including npm, Yarn, pnpm, and Composer, with plans to expand to CycloneDX, pip, and maven. It outputs JSON issue reports, license usage data, CSV dependency information, and provides visualizations of dependency trees and treemaps for enhanced analysis.

Features

  • Security Vulnerability Scanning: CVE scanning of the entire dependency tree to identify security risks
  • License Compliance Analysis: Set granular license permissions and perform OSI & SPDX compliance checks
  • Dependency Visualization: Generate easy-to-read dependency tree and treemap visualizations
  • Multiple Package Manager Support: Works with npm, Yarn, pnpm, and Composer
  • Report Generation: Outputs JSON issue reports, license usage data, and CSV dependency information

Use Cases

  • Auditing JavaScript dependencies for security vulnerabilities
  • Checking PHP project dependencies for license compliance
  • Monitoring GitHub repositories for dependency issues
  • Generating compliance reports for software supply chains
  • Visualizing dependency trees for complex applications

FAQs

  • What package managers does Sandworm support?
    Sandworm currently supports npm, Yarn, pnpm, and Composer, with plans to add support for CycloneDX, pip, and maven in the future.
  • What types of issues does Sandworm detect?
    Sandworm detects security vulnerabilities, license compliance issues, metadata problems, deprecated packages, and packages with install scripts, and it also performs repository checks.
  • How does Sandworm generate reports?
    Sandworm outputs JSON issue reports, license usage data, CSV dependency information, and provides dependency tree and treemap visualizations.
  • What is included in the free tier?
    The free tier includes one monthly security and license audit report per repository (limited to main branch), CVE scanning, license compliance checks, metadata issue detection, and visualizations with community support.
