Automatically assess software packages for supply chain risk

Hipcheck is a tool for analyzing software packages from hosts like NPM, PyPI, and Maven, and from source repositories like GitHub, GitLab, Sourcehut, and more. It assesses the practices a project follows to build its software, and also tries to detect active supply chain attacks.

Use Hipcheck to filter hundreds of dependencies to just a few you can manually review!


Simplify using Open Source Software

Identify High Risk Dependencies

Audit a project’s development practices, like code review, fuzz testing, and active maintenance, automatically!


Configure Analyses You Care About

Keep only the analyses that matter to you, change how each one contributes to scoring, and set how much risk you’re willing to tolerate.


Make Dependencies Manageable

Many software projects use hundreds of open source dependencies! Filter that list down to something manageable with Hipcheck.
