The Axios Attack Wasn't in Any CVE Database. Your Scanner Missed It.
The axios npm supply chain attack hit a package with 100 million weekly downloads and lasted about 3 hours. Here's why traditional vulnerability scanners couldn't catch it, and what would have.
Software Composition Analysis insights from the OtterSight team.
The leaked Claude Code security prompt reveals a critical gap: dependency vulnerabilities are explicitly excluded. Here's why that matters and how to fix it.
We used OtterSight's MCP server to scan our own monorepo. Found 86 vulnerabilities — 5 critical, 1 actively exploited. Fixed all of them. Here's exactly what happened.
npm audit checks one database. Your dependencies face three types of threats. Here's the full picture and what tools cover each layer.
When you ask an AI to audit your code for security issues, it reviews your code patterns. But it has no idea if the 47 packages it installed have known CVEs.
Install the OtterSight CLI, scan your project for vulnerabilities, and get a security report with SBOM, CVE, EPSS, and KEV data.
A developer's guide to the EU Vulnerability Database (EUVD): what it is, how it differs from NVD, and why it matters for NIS2 compliance.
The story behind OtterSight: why we built an open-source SCA scanner that integrates the EU Vulnerability Database (EUVD) for better NIS2 compliance.