murphysec v1.8.2 releases: open source tool focused on software supply chain security
MurphySec CLI detects vulnerable dependencies from the command line and can also be integrated into your CI/CD pipeline.
- Analyze dependencies being used by your project, including direct and indirect dependencies
- Detect known vulnerabilities in project dependencies
How it works
MurphySec CLI obtains the dependency information of your project mainly by building the project or parsing the package manifest files.
The project's dependency information is uploaded to the server, where dependencies with security issues are identified using the vulnerability knowledge base maintained by MurphySec.
Note: MurphySec CLI only sends the dependencies and basic information of your project to the server to identify dependencies with security issues; it does not upload any code snippets.
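The flow described above (parse a manifest, keep only dependency records, match them against a knowledge base) can be sketched as follows. This is an added example, not MurphySec's code or API: the `go.mod` content, module paths, advisory ids and the `KNOWLEDGE_BASE` table are all constructed, and versions are assumed to be plain `vX.Y.Z` with no pre-release tags.

```python
import re

# Constructed go.mod for illustration (module paths and versions are made up).
GO_MOD = """\
module example.com/shop

go 1.21

require (
	example.com/lib/router v1.4.0
	example.com/lib/yamlparse v1.1.3 // indirect
	example.com/lib/logfmt v0.9.1 // indirect
)

require example.com/lib/httpclient v0.3.0
"""

# Constructed stand-in for a vulnerability knowledge base:
# module path -> (placeholder advisory id, first fixed version).
KNOWLEDGE_BASE = {
    "example.com/lib/yamlparse": ("ADVISORY-PLACEHOLDER-1", "v1.1.4"),
    "example.com/lib/httpclient": ("ADVISORY-PLACEHOLDER-2", "v0.3.0"),
}

# Matches require entries only; exclude/replace blocks are not handled here.
REQ = re.compile(r"^\s*(?:require\s+)?(\S+)\s+(v\d+\.\d+\.\d+)\s*(//\s*indirect)?\s*$")

def parse_go_mod(text):
    """Return dependency records only (path, version, direct flag); no source code."""
    deps = []
    for line in text.splitlines():
        m = REQ.match(line)
        if m:
            deps.append({"path": m.group(1), "version": m.group(2),
                         "direct": m.group(3) is None})
    return deps

def vtuple(version):
    """'v1.2.3' -> (1, 2, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.lstrip("v").split("."))

def find_vulnerable(deps, kb):
    """Flag dependencies whose version is below the first fixed version."""
    hits = []
    for dep in deps:
        if dep["path"] in kb:
            advisory, fixed = kb[dep["path"]]
            if vtuple(dep["version"]) < vtuple(fixed):
                hits.append({**dep, "advisory": advisory, "fixed_in": fixed})
    return hits
```

In this constructed input the only finding is an indirect dependency, which is the case a manual review of direct dependencies would miss.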
- To detect security issues in your code locally
- To detect security issues in CI/CD pipeline
Copyright (C) 2022 murphysecurity