Catching the LiteLLM and Telnyx supply chain zero-days via semantic analysis
- #vulnerability scanning
- #automation
- #multi-ecosystem
- Multi-Ecosystem support for npm (package.json) and Python (requirements.txt) with more coming soon
- Remote repository scanning by cloning and scanning any Git repository without manual setup
- Multiple data sources querying OSV for comprehensive vulnerability coverage
- Provenance verification automatically checks SLSA attestations to verify package integrity
- Beautiful UI with colorful, emoji-rich terminal output and automatic light/dark mode detection
- CI/CD ready with JSON output and exit codes for automation pipelines
- Severity filtering allows filtering vulnerabilities by level (CRITICAL, HIGH, MEDIUM, LOW)
- Recursive scanning automatically finds all dependency files in the project tree
- Fast and efficient with parallel API requests and smart caching for quick scans
- Extensible design for easy addition of new data sources and package managers
- Installation: install the tool globally, then run it against the project root to scan every dependency file found there
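The features above describe one pipeline: find dependency files recursively, turn exact pins into OSV queries, then filter the results by severity into JSON plus an exit code a CI job can act on. As an added example, not code from this page or from the tool it describes, the Python below models that pipeline offline. The request body shape is OSV's public `POST /v1/querybatch`; the file names, the pruned directories, the severity ranking, the fail-safe handling of unrated records and the `EXAMPLE-*` vulnerability records are constructed assumptions for illustration, and nothing is sent over the network.

```python
"""Offline model of a multi-ecosystem dependency scanner (added example,
not the project's own code). Steps: recursive discovery of package.json /
requirements.txt, exact pins -> OSV querybatch body (shape per
https://google.github.io/osv.dev/post-v1-querybatch/), severity filter ->
JSON report + CI exit code. Vulnerability records are constructed."""
import json
import os
import re
import tempfile

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
UNRATED_RANK = 5  # assumption: a record with no severity fails safe and is always reported
SKIP_DIRS = {"node_modules", ".git", ".venv", "venv", "dist", "build"}  # assumed prune list
TARGETS = {"package.json": "npm", "requirements.txt": "PyPI"}  # file -> OSV ecosystem


def find_dependency_files(root):
    """Recursive discovery; vendored and VCS directories are pruned in place."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        found += [(os.path.join(dirpath, f), TARGETS[f]) for f in filenames if f in TARGETS]
    return sorted(found)


_NPM_EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def parse_package_json(text):
    """(name, version) pairs from dependencies + devDependencies. Range
    specifiers (^, ~, >=, *) yield None: OSV needs a concrete version, so a
    lockfile is the accurate input for those."""
    data = json.loads(text)
    deps = {**data.get("dependencies", {}), **data.get("devDependencies", {})}
    return [(n, s.strip() if _NPM_EXACT.match(s.strip()) else None) for n, s in deps.items()]


_PIP_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*==(?!=)\s*([^\s;#\\]+)")


def parse_requirements(text):
    """Only '==' pins are queryable. Comments, -r/-e/--hash option lines and
    environment markers are ignored; unpinned requirements get version None."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = _PIP_PIN.match(line)
        name = m.group(1) if m else re.split(r"[<>=!~;\[ ]", line, maxsplit=1)[0]
        out.append((name.lower().replace("_", "-"), m.group(2) if m else None))
    return out


def osv_querybatch(ecosystem, pins):
    """Request body for POST /v1/querybatch; unpinned entries are skipped."""
    return {"queries": [{"package": {"name": n, "ecosystem": ecosystem}, "version": v}
                        for n, v in pins if v is not None]}


def severity_of(vuln):
    """Reads database_specific.severity (present on GitHub Advisory imports).
    Scoring the CVSS vectors in the top-level 'severity' array is out of scope."""
    return str(vuln.get("database_specific", {}).get("severity", "UNRATED")).upper()


def filter_by_severity(vulns, threshold):
    floor = SEVERITY_RANK[threshold.upper()]
    return [v for v in vulns if SEVERITY_RANK.get(severity_of(v), UNRATED_RANK) >= floor]


def ci_report(vulns, threshold="HIGH"):
    """JSON report plus exit code: 0 = clean at this threshold, 1 = findings."""
    kept = filter_by_severity(vulns, threshold)
    report = {"threshold": threshold.upper(),
              "findings": [{"id": v["id"], "severity": severity_of(v),
                            "summary": v.get("summary", "")} for v in kept]}
    return json.dumps(report, indent=2), (1 if kept else 0)


# Constructed OSV-style records for the demo; these are not real advisories.
SAMPLE_VULNS = [
    {"id": "EXAMPLE-0001", "summary": "constructed HIGH finding",
     "database_specific": {"severity": "HIGH"}},
    {"id": "EXAMPLE-0002", "summary": "constructed LOW finding",
     "database_specific": {"severity": "LOW"}},
    {"id": "EXAMPLE-0003", "summary": "constructed record with no severity field"},
]


def demo():
    """Builds a throwaway project tree, walks it, prints the queries and the CI verdict."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "web", "node_modules", "x"))  # must be pruned
        with open(os.path.join(root, "web", "package.json"), "w") as f:
            json.dump({"dependencies": {"left-pad": "1.3.0", "lodash": "^4.17.21"}}, f)
        with open(os.path.join(root, "requirements.txt"), "w") as f:
            f.write("# constructed\nrequests[security]==2.31.0 ; python_version < '3.12'\nflask>=2.0\n")
        for path, eco in find_dependency_files(root):
            with open(path) as f:
                text = f.read()
            pins = parse_package_json(text) if eco == "npm" else parse_requirements(text)
            print(path, json.dumps(osv_querybatch(eco, pins)))
    report, code = ci_report(SAMPLE_VULNS, "HIGH")
    print(report)
    return code


if __name__ == "__main__":
    raise SystemExit(demo())
```

Two caveats worth carrying into a real scanner: only exact pins can be matched against OSV, so `^`/`>=` ranges in package.json or requirements.txt are reported as unpinned rather than silently matched, and a record without a severity field is treated as reportable instead of being dropped below the threshold, so a CI gate cannot pass on missing data.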