OtterSight Blog

OtterSight BlogSoftware Composition Analysis — SCA, SBOM, CVE, EUVD insights for developershttps://ottersight.com/enThe Axios Attack Wasn't in Any CVE Database. Your Scanner Missed It.https://ottersight.com/blog/2026-04-04-axios-supply-chain-attack/https://ottersight.com/blog/2026-04-04-axios-supply-chain-attack/The axios npm supply chain attack hit 100 million weekly downloads and lasted 3 hours. Here's why traditional vulnerability scanners couldn't catch it — and what would have.Sat, 04 Apr 2026 00:00:00 GMTClaude Code's Security Review Has a Blind Spot — It Doesn't Check Your Dependencieshttps://ottersight.com/blog/2026-04-02-claude-code-security-blind-spot/https://ottersight.com/blog/2026-04-02-claude-code-security-blind-spot/The leaked Claude Code security prompt reveals a critical gap: dependency vulnerabilities are explicitly excluded. Here's why that matters and how to fix it.Thu, 02 Apr 2026 00:00:00 GMTWe Scanned Ourselves: 86 Vulnerabilities Found (and Fixed) with OtterSighthttps://ottersight.com/blog/2026-04-01-we-scanned-ourselves/https://ottersight.com/blog/2026-04-01-we-scanned-ourselves/We used OtterSight's MCP server to scan our own monorepo. Found 86 vulnerabilities — 5 critical, 1 actively exploited. Fixed all of them. Here's exactly what happened.Wed, 01 Apr 2026 00:00:00 GMTWhat npm audit Actually Misses — And the Three Layers of Dependency Securityhttps://ottersight.com/blog/2026-03-29-what-npm-audit-misses/https://ottersight.com/blog/2026-03-29-what-npm-audit-misses/npm audit checks one database. Your dependencies face three types of threats. Here's the full picture and what tools cover each layer.Sun, 29 Mar 2026 00:00:00 GMTYour AI Security Audit Has a Blind Spot — It Can't Check Dependencieshttps://ottersight.com/blog/2026-03-27-ai-security-audit-blind-spot/https://ottersight.com/blog/2026-03-27-ai-security-audit-blind-spot/When you ask an AI to audit your code for security issues, it reviews your code patterns. But it has no idea if the 47 packages it installed have known CVEs.Fri, 27 Mar 2026 00:00:00 GMTGetting Started with OtterSight CLI — Your First Dependency Scan in 30 Secondshttps://ottersight.com/blog/2026-03-25-getting-started-cli/https://ottersight.com/blog/2026-03-25-getting-started-cli/Install the OtterSight CLI, scan your project for vulnerabilities, and get a security report with SBOM, CVE, EPSS, and KEV data.Wed, 25 Mar 2026 00:00:00 GMTEUVD Explained — What the EU Vulnerability Database Means for NIS2 Compliancehttps://ottersight.com/blog/2026-03-23-euvd-explained/https://ottersight.com/blog/2026-03-23-euvd-explained/A developer's guide to the EU Vulnerability Database (EUVD): what it is, how it differs from NVD, and why it matters for NIS2 compliance.Mon, 23 Mar 2026 00:00:00 GMTWhy We Built OtterSight — OSS Dependency Scanning with EU Vulnerability Databasehttps://ottersight.com/blog/2026-03-21-why-we-built-ottersight/https://ottersight.com/blog/2026-03-21-why-we-built-ottersight/The story behind OtterSight: why we built an open-source SCA scanner that integrates the EU Vulnerability Database (EUVD) for better NIS2 compliance.Sat, 21 Mar 2026 00:00:00 GMT