Note: This project is currently in alpha; breaking changes may be introduced at any time. Please use at your own risk.

SOF Scanner
Giving you peace of mind on your code

A static code analysis and dependency checking solution, giving you the security insights you need.



Designed for mono or multi-repos

SOF_Scanner is designed to support any type of repo configuration. For complex multi-repo or multi-component projects, each scan can be flagged with the affected component, giving you a unified view of your product's or service's security posture.

Designed to run in your environment

Unlike other tools, this tool executes in your CI/CD as part of your build step. This means you're not sending your code to any third parties.

Track Vulnerabilities across runs

Using a unique fingerprinting strategy, each vulnerability is fingerprinted so you can see how long it has been open, track its resolution and see if it appears in any regression.

Open Source and Modular

SOF Scanner is released under AGPL-v3 and is built on top of industry-leading open source security tools. Its modular framework enables you to build integrations with any scanning tool you wish.