Description
This CLI is a Software Composition Analysis (SCA) tool: it scans a project's declared dependencies and reports publicly disclosed vulnerabilities (CVEs) that match them. It is aimed at developers and security reviewers who need CVE-oriented dependency checks.
Results can include false positives, and vulnerabilities can be missed when package metadata (name, version, ecosystem) is incomplete or ambiguous, for example a dependency that is not pinned to an exact version. Treat findings as audit evidence that needs triage, not as a guarantee that the dependencies are safe.
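As an added illustration (not code from this CLI or its project), the following Python script shows the matching step an SCA check performs and why incomplete metadata forces a result into triage: exact pins are compared against advisory version ranges, while unpinned or version-less entries are reported as unresolved instead of being silently passed, and findings a reviewer has already triaged are kept visible as suppressed. The package names, advisory identifiers (EXAMPLE-…), version ranges and lockfile content are constructed placeholders, not real packages or CVEs.

```python
"""Minimal SCA-style matcher (added example; constructed data, not real CVEs)."""
from dataclasses import dataclass
from itertools import takewhile
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    id: str                 # placeholder identifier, not a real CVE
    package: str            # canonical package name
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet


@dataclass(frozen=True)
class Finding:
    package: str
    version: Optional[str]  # None when the lockfile gives no exact pin
    advisory: Optional[str]
    status: str             # "affected", "suppressed" or "unresolved"


# Constructed advisory data: hypothetical packages and identifiers.
ADVISORIES = [
    Advisory("EXAMPLE-2024-0001", "acme-http", "2.0.0", "2.31.0"),
    Advisory("EXAMPLE-2024-0002", "acme-yaml", "0", "5.4"),
    Advisory("EXAMPLE-2024-0003", "acme-url", "1.26.0", None),
]


def normalize_name(name: str) -> str:
    """Lockfiles vary in case, separators and extras ('Acme_HTTP[socks]');
    advisory data is keyed on one canonical form, so normalize both sides."""
    return name.strip().split("[", 1)[0].lower().replace("_", "-")


def parse_version(text: str) -> tuple[int, ...]:
    """Dotted numeric version -> comparable tuple, using the leading digits
    of each component so '5.4rc1' compares as (5, 4)."""
    parts = []
    for component in text.strip().split("."):
        digits = "".join(takewhile(str.isdigit, component))
        if not digits:
            raise ValueError(f"unparseable version component: {component!r}")
        parts.append(int(digits))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when a sorts before b; zero-pads so '2.0' == '2.0.0'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) < tb + (0,) * (width - len(tb))


def is_affected(adv: Advisory, version: str) -> bool:
    """introduced <= version < fixed (or no fix published)."""
    if version_lt(version, adv.introduced):
        return False
    return adv.fixed is None or version_lt(version, adv.fixed)


def parse_requirement(line: str) -> tuple[str, Optional[str]]:
    """Return (name, pinned_version). Only an exact '==' pin yields a
    version: a range like '>=1.20' does not say what is actually installed."""
    spec = line.split("#", 1)[0].strip()
    if "==" in spec:
        name, version = spec.split("==", 1)
        return normalize_name(name), version.strip()
    for op in (">=", "<=", "~=", "!=", ">", "<"):   # two-char ops first
        if op in spec:
            return normalize_name(spec.split(op, 1)[0]), None
    return normalize_name(spec), None


def scan(requirements: str, advisories=ADVISORIES, suppressed=frozenset()) -> list[Finding]:
    """Match each requirement line against the advisory list.

    suppressed holds (package, advisory_id) pairs a reviewer has triaged as
    false positives (e.g. a backported fix); they are reported as
    'suppressed' rather than dropped so the audit trail stays visible."""
    findings = []
    for raw in requirements.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        name, version = parse_requirement(raw)
        candidates = [a for a in advisories if a.package == name]
        if version is None:
            # Incomplete metadata: no decision is possible, so surface every
            # candidate advisory (or the bare package) for manual triage.
            for adv in candidates:
                findings.append(Finding(name, None, adv.id, "unresolved"))
            if not candidates:
                findings.append(Finding(name, None, None, "unresolved"))
            continue
        for adv in candidates:
            if is_affected(adv, version):
                status = "suppressed" if (name, adv.id) in suppressed else "affected"
                findings.append(Finding(name, version, adv.id, status))
    return findings


# Constructed lockfile content for the demonstration.
SAMPLE_REQUIREMENTS = """
acme-http==2.30.1    # inside the affected range
Acme_YAML==5.4       # equals the first fixed version: not affected
acme-url>=1.20       # range, not a pin: installed version unknown
acme-crypto          # no version at all
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_REQUIREMENTS, suppressed={("acme-http", "EXAMPLE-2024-0001")}):
        print(f)
```

Running it lists one suppressed match for acme-http, nothing for acme-yaml (the fixed version is excluded from the range), and two unresolved entries that a real scanner with only this metadata would either skip or report as a CVE hit by name alone; both are findings to triage, not verdicts.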