Open Source • Cybersecurity • Supply Chain

Enhancing Software Supply Chain Security

Comprehensive tools for dependency analysis and vulnerability assessment. Secure your software supply chain with advanced dependency exploration and VEX document generation.

Ready to Secure Your Supply Chain?

Get started with our open-source tools today. Join the community of developers building more secure software.

Our Security Tools

Two powerful open-source tools designed to work together for comprehensive supply chain security

Depex
Dependency Explorer & Vulnerability Detector

Constructs full dependency graphs from package manifests (npm, pip, Maven, etc.) and detects vulnerable transitive dependencies. Visualizes them in Neo4j for comprehensive analysis.

Key Features

  • Multi-language package support
  • Transitive dependency detection
  • Neo4j graph visualization
  • Vulnerability scanning
VEXGen
Automated VEX Document Generator

Automated tool that generates VEX (Vulnerability Exploitability eXchange) documents indicating exploitability status for software artifacts, integrating with OSV and SBOMs.

Key Features

  • Automated VEX generation
  • OSV database integration
  • SBOM compatibility
  • Exploitability assessment
Open Source
GNU Licensed
Community Driven

How They Work Together

Depex and VEXGen complement each other to provide comprehensive supply chain security

1. Discover

Depex analyzes your project and builds comprehensive dependency graphs

2. Identify

Vulnerabilities are detected across all transitive dependencies

3. Document

VEXGen creates standardized VEX documents for vulnerability status

Use Cases

Real-world applications for enhanced supply chain security

Enterprise Security

Large organizations can audit their entire software portfolio for vulnerabilities and maintain compliance documentation.

CI/CD Integration

Integrate into your development pipeline for automated vulnerability scanning and VEX document generation on every build.

Open Source Projects

Maintainers can provide transparency about their project's security posture and dependency health to users.

Our Supporters

SecureChain is proudly supported by leading research institutions committed to advancing cybersecurity


IDEA Research Group

University of Seville

Leading research in software engineering, data analysis, and intelligent systems with a focus on innovative solutions for complex technological challenges.


I3US Institute

Institute of Computer Engineering, University of Seville

Dedicated to advancing computer engineering research and innovation, fostering collaboration between academia and industry in cutting-edge technology development.


These institutions provide invaluable support through research collaboration, academic expertise, and commitment to open-source cybersecurity advancement.