Safeguard Documentation Center
Open Source Manager

Open source security intelligence with vulnerability tracking, attestation verification, and license compliance

Open Source Manager (OSM)

Open source is everywhere—and so are its vulnerabilities. OSM provides comprehensive open source security intelligence, similar to Snyk's vulnerability database, giving you detailed information about package security, vulnerabilities, and compliance.

Make informed decisions about your dependencies.

Key Features

Open Source Security Database

  • Comprehensive vulnerability database
  • Package security intelligence
  • Real-time vulnerability tracking
  • Historical security data

Vulnerability Intelligence

  • CVE details and analysis
  • CVSS scoring and severity
  • Exploit availability information
  • Fix recommendations
  • Affected version ranges

Attestation Verification

  • SLSA provenance verification
  • Sigstore signature validation
  • Build reproducibility
  • Supply chain integrity
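What "SLSA provenance verification" amounts to in practice is easier to see in code. The following Python is an added example, not OSM's implementation or any Sigstore/SLSA project code: it shows the structural checks a consumer performs on a DSSE-wrapped SLSA provenance attestation before trusting a downloaded artifact. The envelope, artifact bytes, subject name and builder id below are constructed for illustration, and the Sigstore signature check itself (cosign verify-blob-attestation or slsa-verifier) is assumed to happen separately; what remains, and what this code checks, is everything that must still hold after a signature verifies: the payload is an in-toto v1 Statement carrying a SLSA provenance predicate, the artifact you actually hold is one of its subjects by SHA-256, and the builder is the one you expect. It also computes the DSSE pre-authentication encoding so you can see exactly which bytes a signature covers.

```python
"""Structural checks on a SLSA provenance attestation (DSSE envelope).

Added example, not OSM or Sigstore/SLSA project code.  The artifact, the
statement and the builder id are constructed; 'signatures' is left empty
because cryptographic verification is assumed to be done by Sigstore tooling.
"""
import base64
import hashlib
import json

IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"
STATEMENT_V1 = "https://in-toto.io/Statement/v1"
SLSA_PROVENANCE_PREFIX = "https://slsa.dev/provenance/"

# Constructed artifact bytes standing in for a downloaded release tarball.
ARTIFACT = b"constructed artifact contents for the example\n"
# Constructed builder identity; a real one names the build platform/workflow.
EXPECTED_BUILDER = "https://builder.example.invalid/v1"


def dsse_pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE Pre-Authentication Encoding: the exact bytes a DSSE signature covers.

    PAE = "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload
    """
    return b"DSSEv1 %d %s %d %s" % (len(payload_type), payload_type.encode(),
                                    len(payload), payload)


def make_envelope(artifact: bytes, builder_id: str) -> dict:
    """Build a constructed DSSE envelope around an in-toto Statement with a
    SLSA v1 provenance predicate whose subject is the given artifact."""
    statement = {
        "_type": STATEMENT_V1,
        "subject": [{"name": "example-lib-1.0.0.tar.gz",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": "https://slsa.dev/provenance/v1",
        "predicate": {
            "buildDefinition": {"buildType": "https://example.invalid/build/v1"},
            "runDetails": {"builder": {"id": builder_id}},
        },
    }
    payload = json.dumps(statement, separators=(",", ":")).encode()
    return {"payloadType": IN_TOTO_PAYLOAD_TYPE,
            "payload": base64.b64encode(payload).decode(),
            "signatures": []}  # signature verification is out of scope here


def check_provenance(envelope: dict, artifact: bytes, expected_builder: str) -> list:
    """Return the list of failed checks; an empty list means all structural checks pass."""
    if envelope.get("payloadType") != IN_TOTO_PAYLOAD_TYPE:
        return ["payloadType is not an in-toto statement"]
    statement = json.loads(base64.b64decode(envelope["payload"]))
    problems = []
    if statement.get("_type") != STATEMENT_V1:
        problems.append("not an in-toto v1 Statement")
    if not str(statement.get("predicateType", "")).startswith(SLSA_PROVENANCE_PREFIX):
        problems.append("predicate is not SLSA provenance")
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == digest for s in subjects):
        problems.append("artifact digest not among provenance subjects")
    builder = (statement.get("predicate", {}).get("runDetails", {})
               .get("builder", {}).get("id"))
    if builder != expected_builder:
        problems.append(f"unexpected builder id: {builder!r}")
    return problems


if __name__ == "__main__":
    env = make_envelope(ARTIFACT, EXPECTED_BUILDER)
    print("good artifact:", check_provenance(env, ARTIFACT, EXPECTED_BUILDER))
    print("tampered artifact:", check_provenance(env, ARTIFACT + b"x", EXPECTED_BUILDER))
    print("wrong builder:", check_provenance(env, ARTIFACT, "https://other.invalid/v1"))
```

The subject-digest check is the one that catches a substituted artifact: a valid, correctly signed attestation for some other file is worthless if its digest is not the digest of what you downloaded. The builder check is what makes "built by my trusted CI" a verifiable statement rather than a label.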

License Compliance

  • License detection and classification
  • Compatibility analysis
  • Policy enforcement
  • Attribution generation

What's Included

Open Source Security Database

Search and browse security information for open source packages:

Package Information

Field                  Description
Package Name           Name and ecosystem (npm, PyPI, Maven, etc.)
Version History        All versions with security status
Vulnerabilities        Known CVEs affecting the package
Severity Distribution  Critical, High, Medium, Low breakdown
License                SPDX license identifier
Maintainer Status      Active maintenance indicator
Security Advisories    Related security bulletins

Vulnerability Details

For each vulnerability:

  • CVE identifier and description
  • Affected version ranges
  • Fixed versions
  • CVSS score and vector
  • Exploit information
  • Remediation guidance

Getting Started

  1. Navigate to the OSM security database
  2. Search for packages by name or CVE
  3. Review security information
  4. Check attestation status
  5. Verify license compliance

Use Cases

Pre-Installation Review

Before adding a new dependency, check its security posture:

  • Known vulnerabilities
  • Maintenance status
  • License compatibility

Vulnerability Research

When responding to security alerts:

  • Detailed CVE analysis
  • Impact assessment
  • Remediation options

Compliance Auditing

For regulatory requirements:

  • License inventory
  • Security attestation
  • Supply chain verification

Integration with ESSCM

OSM data is integrated into Enterprise Software Supply Chain Manager (ESSCM):

  • Automatic vulnerability matching
  • License policy enforcement
  • Attestation verification during SBOM generation
