GitHub Repository

Open-source local dependency and vulnerability scanner for Java (Maven/Gradle) and JavaScript (npm) projects.

3 stars · Java

FeralDeps, local dependency and vulnerability scanner for Java projects

by conor_pardix · Mar 9, 2026 · 1 point · 0 comments

AI Analysis

Mid · Ship It

Yet another dependency scanner in a space Snyk and Dependabot already dominate.

Strengths
  • Local-first scanning keeps project data private on your machine
  • Prebuilt JAR means no compilation required to get started
Weaknesses
  • Only scans first-level dependencies, no transitive analysis yet
  • Zero differentiation from OWASP Dependency-Check or GitHub's built-in tools
Target Audience

Java developers, security-conscious teams

Similar To

OWASP Dependency-Check · Snyk · Dependabot

Post Description

I built FeralDeps as part of a college project; it's an open-source, local dependency scanner for Java projects that also checks for outdated dependencies and known vulnerabilities. Most of the scanning and reporting runs locally, so your project data never leaves your machine.

It generates HTML reports, shows CVSS severity scores, and comes with a simple GUI. You can optionally provide API credentials for OSS Index or GitHub for more detailed vulnerability info.

Why it's useful:

- Quickly find outdated or vulnerable dependencies in Gradle/Maven projects
- Local scanning keeps your code and data private
- Generates easy-to-read reports and charts

You can try it via a prebuilt JAR (no build required) or compile from source:

https://github.com/PardixLabs/feraldeps-core

Future plans include transitive dependency analysis, additional ecosystem support (Python, JS, etc.) and CI integration. Any feedback is very welcome and much appreciated!

Similar Projects

Security · Mid

Radar – Automated vulnerability scanning for SMBs (free in beta)

Verifying ownership with a DNS TXT record and spinning up ephemeral Cloud Run jobs to produce a PDF report in under an hour is a pragmatic approach — cheap to operate and low-friction for SMBs. It's explicitly automated (no manual pentest), which keeps expectations honest, but the market already has mature scanners and few standout differentiators here beyond pricing and convenience; continuous monitoring, remediation guidance or integrations would make it much more compelling.

Ship It · Niche Gem · oscarsixsecllc · 123mo ago · Security: Solid

Open-source scanner finds 97% of AI agent code non-compliant EU AI Act

Linter for EU AI Act: scans agent code against Articles 9–15, finds 97% non-compliance.

Big Brain · Bold Bet · airblackbox · 113mo ago