* [TruffleHog v3.95.4](https://github.com/trufflesecurity/trufflehog) – Powerful tool for discovering, classifying, validating, and analyzing leaked credentials.
* [Chainloop v1.99.0](https://github.com/chainloop-dev/chainloop) – Evidence store and policy engine for Software Supply Chain attestations, SBOMs, VEX, SARIF, and QA reports.
* [Skylos v4.22.0](https://github.com/duriantaco/skylos) – Privacy-first hybrid static-analysis tool for Python, TypeScript, and Go that detects dead code, secrets, and security vulnerabilities.
* [vet v1.17.3](https://github.com/safedep/vet) – Enterprise-grade software supply chain security tool with real-time malicious package detection and policy as code support.
* [Aguara v0.22.0](https://github.com/garagon/aguara) – Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks via local static analysis.
* [Package Manager Guard (PMG) v0.17.2](https://github.com/safedep/pmg) – Tool that blocks malicious packages during installation by wrapping existing package managers.
* [JavaSecLab V1.5](https://github.com/whgojp/JavaSecLab) – Comprehensive hands-on platform for learning, testing, and auditing Java application security using vulnerable examples, fixes, scenarios, and traffic analysis.
* [MEDUSA v2026.5.11](https://github.com/Pantheon-Security/medusa) – AI-first security scanner providing 3,000+ detection patterns, 430 false-positive filters, and 133 CVE detections for AI/ML, agents, and LLM applications.