security scan tool

Sonatype helps enterprises identify and remediate vulnerabilities in open source library dependencies and release more secure code. Today, the company announced a free tool called DepShield that offers a basic level of protection for GitHub developers. The product actually consists of two parts. For starters, Sonatype has a database of open source dependency vulnerabilities called OSS Index.