Open-source SCA scanner
Scan GitHub orgs and repos across 8 package ecosystems, then enrich every finding with OSV, NVD, EPSS, and KEV data — before it ships.
dKatchr walks your org's repos, resolves every dependency, and cross-references it against the sources that matter.
npm, PyPI, Maven, Go, and more — 8 ecosystems, one scan, across whole GitHub orgs.
Every finding cross-referenced against OSV, NVD, EPSS, and KEV — so severity reflects reality.
Typosquatting and dependency confusion checks catch what CVE feeds miss.
Scriptable, CI-friendly, no dashboard required. Pipe results wherever you need them.
100% open source
No black box. Read the scan logic, run it yourself, or contribute a new ecosystem. It's all on GitHub.
github.com/dkatchr/dkatchr-coreFor security teams who need more than a scanner. No details yet — just watch this space.