The best open source alternative to Snyk is Artemis Security Scanner. If that doesn't suit you, our users have ranked more than 25 alternatives to Snyk and ten of them is open source so hopefully you can find a suitable replacement. Other interesting open source alternatives to Snyk are Mend Renovate, Metaport, Libraries.io and Dependabot.
Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions.
Mend Renovate is a software product that helps developers automate dependency updates by identifying new package versions and delivering them to the application's codebase. It can generate pull requests and issues in the repository with details about the updates, including...
Software teams need a single view of all client projects—to identify expiring components and surface shared security vulnerabilities, before they turn into urgent work.
Discover open source libraries to use in your software projects and be notified of new releases to keep your applications up to date and secure.
Keep your dependencies on GitHub up to date without the automatic creation of the Pull Requests to update the dependency and checking for the known vulnerabilities.
https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
Pipelock is an open-source agent firewall written in Go. It runs as a sidecar or local service between an agent and the network, scanning HTTP, WebSocket, and Model Context Protocol traffic through an 11-layer pipeline.
Dependency Track SaaS provided by YourSky.blue is the managed cloud solution of the popular open-source Dependency-Track. Always up to date with the latest security bulletins, it allows to easily monitor all the chain of software components through powerful dashboards and...
vet is a tool for protecting against open source software supply chain attacks. To adapt to organizational needs, it uses an opinionated policy expressed as Common Expressions Language and extensive package security metadata including:
PackageFix is a free browser-based dependency security fixer. Paste your manifest file and get back a fixed version with every vulnerable package patched — ready to download in one click.
Poland
EU
Israel
New Zealand
United Kingdom
United States
Switzerland
India
Norway
It only looks at open source libraries. Snyk looks at all dependencies AND code.