Free Tools

Figure 1: Software Supply Chain Arsenal

We have developed a set of free toolkits (illustrated in Figure 1) to showcase our analytical capabilities; security researchers are welcome to use them for non-commercial purposes at their discretion. This free online toolset supports the daily work (SBOM generation, malware analysis, vulnerability analysis, risk evaluation, etc.) of cybersecurity teams and software developers. It includes:

  • DeepBOM - an AI-powered SBOM/SaaSBOM building service that does not require source code. This tool allows businesses to easily build SBOMs and SaaSBOMs, enabling them to better manage their software supply chains.
  • DeepPkg - an AI-powered intelligence service for open-source software artifacts. This tool helps businesses identify risks in their open-source software and provides them with a software bill of materials (SBOM) to manage their software supply chains.
  • DeepRepo - an SBOM-powered risk analysis service for public code repositories. This tool produces SBOMs and reveals potential concealed risks in public GitHub repositories.
  • DeepDocker - an SBOM-powered risk analysis service for public Docker images. This tool produces SBOMs and reveals potential concealed risks in public Docker Hub images.
  • DeepMalware - a malware analysis tool that uses code reuse detection to detect and classify new malware at first sight.
  • DeepDi - a fast and accurate disassembler for binary code AI that uses a GPU to run hundreds of times faster than state-of-the-art disassemblers without losing accuracy.

We also provide other free tools as follows:

  • AskSBOM AI Assistant. We leverage deep learning, program analysis, and ChatGPT to develop this AI assistant. It can answer cybersecurity-related questions, especially in the software bill of materials field. Users can ask it to analyze a code repository, suggest packages, analyze malware, etc.
  • Free GitHub Action. We released a free GitHub Action in the GitHub Marketplace. Developers can integrate it into the CI/CD of open-source projects to generate a software bill of materials (SBOM) and analyze security risks (vulnerabilities, malware, license issues, etc.).
  • Free GitHub SBOM badge. We provide an SBOM badge service to open-source projects. With this badge, developers can quickly check the latest SBOMs and vulnerability analysis results of the project.