An OCI tarball parser walks every layer, builds a per-layer SBOM and correlates vulnerabilities across nine in-image ecosystems — with base-image upgrade guidance.
What it does
Per-layer OCI analysis
Walks each layer of an OCI tarball or registry image and attributes packages and vulnerabilities to the layer that introduced them.
9 in-image ecosystems
Debian, Alpine, RPM, npm, PyPI, Go, Ruby, PHP and .NET packages correlated against the same vulnerability stack as source scans.
Per-layer SBOM
CycloneDX / SPDX SBOM per image, with base-image upgrade guidance so you fix at the root.
Direct and transitive dependency resolution across 30+ ecosystems, correlated against OSV, NVD and GHSA, then ranked by real exploitability — not raw CVE count.
Firewall verdicts, scan results and runtime traces wrapped in DSSE over SLSA-style in-toto Statements, signed with your keypair. A standalone verifier ships with the platform — no vendor portal required.
Terraform, CloudFormation and Kubernetes manifests scanned for privilege escalation, insecure capabilities and CIS misconfigurations — in the same pass as your code and dependencies.