Software Composition Analysis
Know what’s inside your software.
OtterSight scans your repos for vulnerabilities, outdated dependencies, and license risks. SBOM, CVE monitoring, and EU Vulnerability Database — in one tool.
3 repos free · No credit card · GDPR compliant
How it works
Connect repo
Link your GitHub repo. OtterSight clones ephemerally — no source code is stored.
Automatic scanning
Syft generates the SBOM, Grype checks for CVEs, and the EU Vulnerability Database provides current data.
Instant alerts
New vulnerability? Slack, Discord, Telegram, email, or 300+ other channels via Apprise.
The only SCA scanner with the EU Vulnerability Database.
- 20+ ecosystems via Syft: npm, pip, Go, Rust, Java, .NET, and more
- CycloneDX 1.6 SBOMs for every repository
- CVSS + EPSS + KEV scoring for prioritized vulnerabilities
- EUVD integration — the only provider on the market
- Version drift detection with automatic alerts
- Multi-tenant: your team, your data, cleanly separated
Pricing
| Feature | Free | Indie | Team | Business |
|---|---|---|---|---|
| Price | €0 | €9/mo | €19/mo | €49/mo |
| Repos | 3 | 10 | 30 | 100 |
| Scans | Weekly | Daily | Daily + Push | All triggers |
| SBOM + EUVD | — | ✓ | ✓ | ✓ |
| Version Drift | — | ✓ | ✓ | ✓ |
| Alerts | Basic | 300+ channels | 300+ channels | 300+ channels |
| Users | 1 | 1 | 5 | Unlimited |
| AI Risk Scoring | — | — | — | ✓ |