Flawnter has a feature called Dependency Scan. It is a Software Composition Analysis (SCA) feature that attempts to detect publicly disclosed vulnerabilities in a project's dependencies. It looks up the Common Platform Enumeration (CPE) identifier for a given dependency. If a match is found, it provides the vulnerability details and the associated CVE entries and references. Flawnter uses the National Vulnerability Database (NVD) data feeds published by NIST, along with other sources, to scan for known vulnerabilities.
Detect known vulnerabilities in third-party libraries and components
Supports scanning for known vulnerabilities in containers
Detect vulnerabilities that may lead to software supply chain attacks
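
The CPE lookup described above can be illustrated with a small matcher. This is an added example, not Flawnter's code: the feed records, vendor and product names and CVE ids are constructed placeholders, shaped like simplified NVD `cpeMatch` entries, and versions are assumed to be plain dotted numbers.

```python
# Added illustration of CPE-based matching against NVD-style records.
# All records below are constructed; the CVE ids are placeholders.
FEED = [
    {"cve": "CVE-0000-0001",
     "criteria": "cpe:2.3:a:examplevendor:examplelib:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "2.0.0", "versionEndExcluding": "2.14.2"},
    {"cve": "CVE-0000-0002",
     "criteria": "cpe:2.3:a:examplevendor:examplelib:1.9.3:*:*:*:*:*:*:*"},
    # Same product name, different vendor: must not match examplevendor's library.
    {"cve": "CVE-0000-0003",
     "criteria": "cpe:2.3:a:othervendor:examplelib:*:*:*:*:*:*:*:*",
     "versionEndIncluding": "9.9.9"},
]

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string (assumes no escaped ':' in any field)."""
    parts = cpe.split(":")
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return {"part": parts[2], "vendor": parts[3],
            "product": parts[4], "version": parts[5]}

def version_key(version):
    """Numeric dotted versions only; real feeds need a richer comparator."""
    return tuple(int(x) for x in version.split("."))

def in_range(version, rule):
    """Apply whichever NVD version bounds are present on the rule."""
    v = version_key(version)
    bounds = [("versionStartIncluding", lambda b: v >= b),
              ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b),
              ("versionEndExcluding", lambda b: v < b)]
    return all(ok(version_key(rule[k])) for k, ok in bounds if k in rule)

def matches(dep, rule):
    crit = parse_cpe23(rule["criteria"])
    # Vendor AND product must agree; matching on product name alone
    # is a common source of false positives in SCA tools.
    if any(crit[k] != dep[k] for k in ("part", "vendor", "product")):
        return False
    if crit["version"] != "*":          # pinned version: exact match only
        return crit["version"] == dep["version"]
    return in_range(dep["version"], rule)

def scan(dependency_cpe, feed=FEED):
    """Return the CVE ids whose match criteria cover the dependency."""
    dep = parse_cpe23(dependency_cpe)
    return sorted(r["cve"] for r in feed if matches(dep, r))
```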