Software Supply Chain Security

Secure your software from the inside out with ScapeGoat

ScapeGoat is an open-source Software Composition Analysis (SCA) and SBOM management platform. Track dependencies, automate vulnerability scanning, and enforce security policies across your entire software portfolio.

Dependency Tracking

Automatically discover and monitor all third-party components used in your software portfolio.

Vulnerability Scanning

Integrate with industry-standard scanners such as Grype and OSV to match your components against known vulnerabilities (CVEs and other published advisories) across your supply chain.

SBOM Management

Import and analyze Software Bills of Materials (SBOMs) in CycloneDX, SPDX, and Syft JSON formats. Scan results are only as good as the SBOM: components without a version or a package identifier (purl or CPE) cannot be reliably matched against vulnerability data.

GitHub Integration

Seamlessly import repositories and manage SBOMs directly from your GitHub organizations.

Policy Enforcement

Define and apply custom security and compliance policies to ensure your software meets your organization's standards.

License Compliance

Track software licenses across your application hierarchy to avoid legal risks and maintain compliance.
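As an added illustration of what SBOM import, policy enforcement and license tracking involve in practice, the Python example below is not ScapeGoat's own code. It normalizes a CycloneDX JSON and an SPDX JSON document (both constructed samples, embedded inline) into one component record, then evaluates a small policy: every component must carry a purl and a license, certain SPDX license identifiers are denied, and specific purls are blocked. The policy shape, the component names and the block list are assumptions for the example; Syft JSON is not handled here.

```python
"""Normalize CycloneDX / SPDX JSON SBOMs and evaluate a simple policy (added example)."""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample SBOMs; names, versions and licenses are illustrative only.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21", "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "example-widget", "version": "1.2.3",
         "purl": "pkg:npm/example-widget@1.2.3",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        # No purl and no license: typical of an internal or vendored component
        {"type": "library", "name": "internal-lib", "version": "0.1.0"},
    ],
})
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {"name": "example-util", "SPDXID": "SPDXRef-Package-1", "versionInfo": "2.0.0",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/example-util@2.0.0"}]},
        {"name": "example-agent", "SPDXID": "SPDXRef-Package-2", "versionInfo": "0.9.0",
         "licenseConcluded": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/example-agent@0.9.0"}]},
    ],
})

# Hypothetical policy; ScapeGoat's real policy format is not shown on this page.
POLICY = {
    "require_purl": True,
    "require_license": True,
    "denied_licenses": {"GPL-3.0-only", "AGPL-3.0-only"},
    "denied_purls": {"pkg:npm/example-agent@0.9.0"},  # constructed block-list entry
}


@dataclass
class Component:
    name: str
    version: str
    purl: Optional[str]
    licenses: List[str] = field(default_factory=list)


def _from_cyclonedx(c: dict) -> Component:
    lics = []
    for entry in c.get("licenses", []):
        lic = entry.get("license", {})
        # CycloneDX allows an SPDX id, a free-text name, or an SPDX expression
        lics.append(lic.get("id") or lic.get("name") or entry.get("expression") or "")
    return Component(c.get("name", ""), c.get("version", ""), c.get("purl"),
                     [lic for lic in lics if lic])


def _from_spdx(p: dict) -> Component:
    purl = None
    for ref in p.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            purl = ref.get("referenceLocator")
    lic = p.get("licenseConcluded") or p.get("licenseDeclared") or ""
    # NOASSERTION and NONE are SPDX placeholders, not licenses
    lics = [] if lic in ("", "NOASSERTION", "NONE") else [lic]
    return Component(p.get("name", ""), p.get("versionInfo", ""), purl, lics)


def load_sbom(text: str) -> List[Component]:
    """Detect the SBOM format from its top-level marker and normalize it."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return [_from_cyclonedx(c) for c in doc.get("components", [])]
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return [_from_spdx(p) for p in doc.get("packages", [])]
    raise ValueError("unrecognized SBOM format")


def evaluate_policy(components: List[Component], policy: dict) -> List[str]:
    """Return one human-readable violation string per failed rule."""
    violations = []
    for c in components:
        ident = c.purl or f"{c.name}@{c.version}"
        if policy.get("require_purl") and not c.purl:
            violations.append(f"{ident}: missing purl (cannot be matched by scanners)")
        if policy.get("require_license") and not c.licenses:
            violations.append(f"{ident}: no license recorded")
        for lic in c.licenses:
            if lic in policy.get("denied_licenses", set()):
                violations.append(f"{ident}: denied license {lic}")
        if c.purl in policy.get("denied_purls", set()):
            violations.append(f"{ident}: component is on the block list")
    return violations


if __name__ == "__main__":
    for label, sbom in (("CycloneDX", CYCLONEDX_SAMPLE), ("SPDX", SPDX_SAMPLE)):
        for v in evaluate_policy(load_sbom(sbom), POLICY):
            print(f"[{label}] {v}")
```

The SPDX branch deliberately treats NOASSERTION as "no license", so a package that merely lacks license data still surfaces as a compliance gap rather than passing silently; the same goes for a component with no purl, which a vulnerability scanner has nothing to match on.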