Pricing

$1,250.00 / 1,000 oss risk reports

OSS Supply Chain Risk Report - PyPI, npm, OSV and Docker Hub

Audit Python packages, npm packages, Docker images, lockfiles, SBOMs, and Dockerfiles for vulnerability, maintenance, freshness, popularity, and metadata risk signals.

Pricing

$1,250.00 / 1,000 oss risk reports

Rating

0.0

(0)

Developer

Sean

Actor stats

Bookmarked

Total users

Monthly active users

11 hours ago

Last modified

Use cases

Check requirements.txt and pinned PyPI versions before vendor security review.
Extract npm package-lock dependencies and identify vulnerable package versions through OSV data.
Parse Dockerfile FROM images and audit Docker Hub freshness and metadata.
Turn CycloneDX or SPDX-like SBOM package URLs into structured risk rows.
Create dependency triage datasets for procurement, security questionnaires, and due-diligence workflows.

Search-friendly workflows

SBOM vulnerability API for Apify users.
Docker image risk checker for vendor review.
PyPI and npm dependency risk report for security teams.
Open-source package due-diligence workflow for procurement.

This Actor is part of the Security Risk Intelligence Suite:

OSS Supply Chain Risk Report for package, lockfile, SBOM, and Docker image risk.
SEC Red Flag Monitor for public-company filing risk.
Startup Funding Signal Report for startup funding and traction signals.

Use the three together to build repeatable due-diligence, procurement, and security-review workflows from public data.

Public examples and tutorials: https://github.com/shamusj-create/security-risk-intelligence-apify

Suite positioning: see ../docs/suites/SECURITY_RISK_INTELLIGENCE_SUITE.md.

Pricing

Recommended pay-per-event pricing:

Event: oss-risk-report
Price: $1.25
Unit: one bounded oss risk report

The Actor charges before making public-data requests so Apify spending limits can stop work cleanly.

Example Input

{
    "pypiPackages": [
        "requests",
        "django"
    ],
    "pypiPackageVersions": [
        "requests==2.31.0"
    ],
    "requirementsText": "",
    "dockerImages": [
        "library/redis",
        "nginx"
    ],
    "dockerfileText": "",
    "packageLockJson": {},
    "sbomJson": {},
    "includeNvdKeywordSearch": true,
    "nvdLookbackDays": 365,
    "concurrency": 1
}

Output

Each dataset row includes a status, score, confidence, summary, recommendations, highlights, disambiguation details, metrics, source payloads, and timestamp.

This Actor uses public/read-only data sources. SEC-backed requests require secContactEmail and include it in the SEC fair-access User-Agent. The included research@example.com smoke-test default is only for local examples; use a real contact email for production runs.

PyPI Vulnerability Scraper

taroyamada/pypi-package-intelligence

Extract Python package metadata from PyPI and enrich it with OSV database alerts. Monitor dependencies for new version releases and critical CVE identifiers.

太郎山田

npm License & Deprecation Checker

taroyamada/npm-package-intelligence

Audit npm libraries for deprecated versions, abandoned repositories, and specific open-source licenses to maintain healthy JavaScript supply chains.

太郎山田

PyPI Packages Scraper

parseforge/pypi-packages-scraper

Pull Python package data from PyPI. Returns name, version, summary, description, classifiers, license, author, project URLs (homepage, source, issues, docs), Python version requirement, dependencies, release history, last upload, and total release count. Direct lookup by package name.

ParseForge

OSV Open Source Vulnerabilities Scraper

parseforge/osv-vulnerabilities-scraper

Query the OSV.dev open-source vulnerabilities database. Search by package (PyPI/npm/Go/Maven/RubyGems/crates.io/NuGet/Packagist), commit hash, or fetch a specific vulnerability by ID. Returns affected ranges, CVE aliases, severity, and references.

ParseForge

OSV & GitHub Security Scraper

taroyamada/oss-vulnerability-monitor

Scrape GitHub Security Advisories and OSV databases to extract CVSS v3.1 base scores, fixed version tags, and patching details for your tech stack.

太郎山田

🐳 Docker Hub Scraper — Images & Pull Counts

nexgendata/dockerhub-scraper

Extract Docker Hub image data — pull counts, tags, descriptions, maintainers, version history. Snyk, Anchore & Sysdig alternative for container intelligence, SBOMs, supply-chain audits and DevOps dashboards. Pay per image.

NexGenData

Docker Hub Container Images Scraper

parseforge/docker-hub-images-scraper

Search Docker Hub for container images. Returns repository name, owner, full and short description, official/automated/verified flags, star count, total pull count, last updated, available tags. Search by keyword or look up specific images by name with full tag listings.

ParseForge

SPDX Software Licenses Scraper

parseforge/spdx-software-licenses-scraper

Pull the SPDX License List with standardized identifiers: license ID, full name, OSI approved flag, FSF libre flag, deprecated status, reference URL, text, and cross references. Export to JSON, CSV, or Excel for SBOM, open source compliance, license scanning, and supply chain audits.

ParseForge

Crates.io Rust Crates Scraper

parseforge/crates-io-rust-scraper

Search crates.io, the Rust package registry. Returns crate name, version, description, repository, homepage, documentation, license, downloads, recent downloads, last updated, categories, keywords, owner team, dependencies, and yank status. Search by keyword or look up specific crates by name.

ParseForge

RubyGems Scraper | Ruby Package Registry and Stats

parseforge/rubygems-scraper

Scrape RubyGems package registry data including gem names, versions, downloads, authors, dependencies, runtime requirements, source code repositories, project URLs, and release dates. Extract metadata for monitoring, security audits, and developer ecosystem analysis

ParseForge