#1
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
9.1K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/syftAlternatives
OpenSCA Cli alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
OpenSCA Cli
OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by the community.
99
Quality
90
Trust
1.1K
Stars
#2
Protect against malicious open source packages 🤖
1.1K starsJun 11, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add safedep/vet#3
Scans your project to determine what components you use
544 starsJun 16, 2026 pushdevelopmentC#Static Analysis
$ npx skills add microsoft/component-detection#4
A vulnerability scanner for container images and filesystems
12K starsJun 12, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add anchore/grype#5
Go security checker
8.9K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add securego/gosec#6
Tfsec is now part of Trivy
7.0K starsMar 25, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add aquasecurity/tfsec#7
Scan the world (for secrets)
1.2K starsJun 12, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add betterleaks/betterleaks#8
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
21K starsMay 19, 2026 pushdevelopmentJavaScriptStatic Analysis
$ npx skills add MobSF/Mobile-Security-Framework-MobSF#9
Security risk analysis for Kubernetes resources
1.5K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add controlplaneio/kubesec#10
A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑
8.9K starsJun 10, 2026 pushdevelopmentStatic AnalysisClaude Code
$ npx skills add We5ter/Scanners-Box#11
Performant type-checking for python.
7.2K starsJun 15, 2026 pushdevelopmentOCamlStatic Analysis
$ npx skills add facebook/pyre-check#12
Static analysis for GitHub Actions
5.6K starsJun 14, 2026 pushdevelopmentRustStatic Analysis
$ npx skills add zizmorcore/zizmor#13
A static analysis security vulnerability scanner for Ruby on Rails applications
7.2K starsJun 15, 2026 pushdevelopmentRubyStatic Analysis
$ npx skills add presidentbeef/brakeman#14
Vulnerability Static Analysis for Containers
11K starsJun 4, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add quay/clair#15
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
2.4K starsMar 26, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add find-sec-bugs/find-sec-bugs#16
Staticcheck - The advanced Go linter
6.8K starsJun 10, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add dominikh/go-toolsHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep OpenSCA Cli if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.