* [Chainloop v1.82.0](https://github.com/chainloop-dev/chainloop) – Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.

* [TruffleHog v3.93.8](https://github.com/trufflesecurity/trufflehog) – Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.

* [ThreatMapper v2.5.8](https://github.com/deepfence/ThreatMapper) – Runtime security platform that detects and prioritizes vulnerabilities, exposed secrets, and misconfigurations across cloud-native environments.

* [Betterleaks v1.1.0](https://github.com/betterleaks/betterleaks) – Detects passwords, API keys, and tokens in git repos, files, or stdin using configurable, high-performance scanning.

* [Bagel v0.3.0](https://github.com/boostsecurityio/bagel) – Cross-platform CLI that scans developer workstations for risky tool configurations and secret metadata, producing structured JSON reports without exposing secret values.

* [MEDUSA v2026.4.0](https://github.com/Pantheon-Security/medusa) – AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.

* [Titus v1.1.6](https://github.com/praetorian-inc/titus) – High-performance secrets scanner for source code, git history, and binary files, offering CLI, Go library, Burp and Chrome extensions, 459 detection rules, and live credential validation.

* [Package Manager Guard (PMG) v0.4.6](https://github.com/safedep/pmg) – Tool that blocks malicious packages during installation by wrapping existing package managers.

* [poutine v1.0.8](https://github.com/boostsecurityio/poutine) – Security scanner for detecting misconfigurations and vulnerabilities in repository build pipelines by parsing CI/CD workflows.