SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)
Pricing
from $20.00 / 1,000 results
SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)
SBOM vulnerability scanner: paste an npm, pip or go lockfile and get a prioritized CVE report with upgrade targets. Batch-queries OSV.dev, flags CISA KEV known-exploited vulns, adds NVD CVSS, and computes the minimum fix version per package plus a severity rollup. Keyless.
Pricing
from $20.00 / 1,000 results
Rating
0.0
(0)
Developer
Kyle Maloney
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
0
Monthly active users
6 days ago
Last modified
Categories
Share
SBOM Vulnerability Scanner — Lockfile CVE Scan & Upgrade Targets (OSV/NVD/KEV)
Paste a dependency lockfile and get a prioritized CVE / vulnerability report with upgrade targets. This SBOM vulnerability scanner batch-queries OSV.dev, flags CISA KEV known-exploited vulns, adds NVD CVSS scores, and computes the minimum fix version per package plus a severity rollup. Existing OSV actors echo raw records — this one does the transform that's the value.
Who it's for
- DevSecOps & AppSec engineers scanning dependencies in CI.
- Security & compliance teams producing SBOM vulnerability reports.
- Platform / SRE teams prioritizing which upgrades actually matter.
- AI coding agents needing a "scan this lockfile for CVEs" tool.
What it does
- Parses a manifest into
{package, version, ecosystem}—package-lock.json/package.json(npm),requirements.txt(PyPI), orgo.mod(Go), or a directdependenciesarray. - Batch-queries OSV.dev for known vulnerabilities and full details.
- Enriches each finding with the CISA KEV known-exploited flag and, optionally, NVD CVSS.
- Computes upgrade targets — the minimum fix version per package — plus a severity rollup (critical/high/medium/low, KEV-exploited, fixable counts).
Example input
{"manifestContent": "<paste your package-lock.json here>","manifestFormat": "auto","includeNvd": false,"maxPackages": 2000}
Output
One summary row (severity rollup) then one vulnerability row per vulnerable
package: package, ecosystem, installed_version, dependency_type,
vulnerability_id, aliases (CVEs), severity, cvss_score, kev_exploited,
fixed_version (upgrade target), fix_available, references, osv_url.
Use as an MCP tool
Exposed to AI coding agents via mcp.apify.com as a "scan lockfile for
vulnerabilities" tool — paste a lockfile, get a prioritized fix list back.
FAQ
Which ecosystems? npm, PyPI (pip), and Go. What data sources? OSV.dev + CISA KEV + optional NVD CVSS — all keyless. What's the upgrade target? The minimum fixed version that's an upgrade from what you have. Does a clean manifest cost much? No — it emits only the summary row.
Data sources (all keyless, no anti-bot)
OSV.dev (/v1/querybatch + /v1/vulns/{id}), CISA KEV catalog, and
NVD CVSS (optional, fail-soft).
Pricing (Pay Per Result)
Billed per dataset record returned (one summary row + one row per vulnerable package). A clean manifest emits only the summary row.