SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV) avatar

SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)

Pricing

from $20.00 / 1,000 results

Go to Apify Store
SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)

SBOM Vulnerability Scanner — Lockfile CVE Scan (OSV/KEV)

SBOM vulnerability scanner: paste an npm, pip or go lockfile and get a prioritized CVE report with upgrade targets. Batch-queries OSV.dev, flags CISA KEV known-exploited vulns, adds NVD CVSS, and computes the minimum fix version per package plus a severity rollup. Keyless.

Pricing

from $20.00 / 1,000 results

Rating

0.0

(0)

Developer

Kyle Maloney

Kyle Maloney

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

0

Monthly active users

6 days ago

Last modified

Share

SBOM Vulnerability Scanner — Lockfile CVE Scan & Upgrade Targets (OSV/NVD/KEV)

Paste a dependency lockfile and get a prioritized CVE / vulnerability report with upgrade targets. This SBOM vulnerability scanner batch-queries OSV.dev, flags CISA KEV known-exploited vulns, adds NVD CVSS scores, and computes the minimum fix version per package plus a severity rollup. Existing OSV actors echo raw records — this one does the transform that's the value.

Who it's for

  • DevSecOps & AppSec engineers scanning dependencies in CI.
  • Security & compliance teams producing SBOM vulnerability reports.
  • Platform / SRE teams prioritizing which upgrades actually matter.
  • AI coding agents needing a "scan this lockfile for CVEs" tool.

What it does

  1. Parses a manifest into {package, version, ecosystem}package-lock.json / package.json (npm), requirements.txt (PyPI), or go.mod (Go), or a direct dependencies array.
  2. Batch-queries OSV.dev for known vulnerabilities and full details.
  3. Enriches each finding with the CISA KEV known-exploited flag and, optionally, NVD CVSS.
  4. Computes upgrade targets — the minimum fix version per package — plus a severity rollup (critical/high/medium/low, KEV-exploited, fixable counts).

Example input

{
"manifestContent": "<paste your package-lock.json here>",
"manifestFormat": "auto",
"includeNvd": false,
"maxPackages": 2000
}

Output

One summary row (severity rollup) then one vulnerability row per vulnerable package: package, ecosystem, installed_version, dependency_type, vulnerability_id, aliases (CVEs), severity, cvss_score, kev_exploited, fixed_version (upgrade target), fix_available, references, osv_url.

Use as an MCP tool

Exposed to AI coding agents via mcp.apify.com as a "scan lockfile for vulnerabilities" tool — paste a lockfile, get a prioritized fix list back.

FAQ

Which ecosystems? npm, PyPI (pip), and Go. What data sources? OSV.dev + CISA KEV + optional NVD CVSS — all keyless. What's the upgrade target? The minimum fixed version that's an upgrade from what you have. Does a clean manifest cost much? No — it emits only the summary row.

Data sources (all keyless, no anti-bot)

OSV.dev (/v1/querybatch + /v1/vulns/{id}), CISA KEV catalog, and NVD CVSS (optional, fail-soft).

Pricing (Pay Per Result)

Billed per dataset record returned (one summary row + one row per vulnerable package). A clean manifest emits only the summary row.