
Open Source Insights

Understand the structure, construction, and security of open source packages

Dev Tools, open-source, dependency-management, security-advisories, package-ecosystems, dependency-graph, supply-chain, google

About

Open Source Insights is a free service by Google that analyzes open source software packages and constructs detailed dependency graphs along with security information. It indexes major package ecosystems including npm, PyPI, Maven, Cargo, Go, NuGet, and RubyGems, as well as project hosts like GitHub and GitLab. Developers can explore packages via the website, query data through an HTTP/gRPC API, or run custom queries using a public BigQuery dataset.

Problem

Developers lack visibility into the full dependency trees and security vulnerabilities of the open source packages they rely on.

For

software developers and security researchers working with open source packages

How it works

The service crawls and indexes packages from multiple ecosystems, builds complete dependency graphs, correlates security advisories from OSV, and exposes the data via a website, REST/gRPC API, and BigQuery public dataset.

Business model

free

Status

launched

Company

Google
