@CycloneDX_Spec@github 5. Debricked
@debrickedab is actually a paid SCA tool, but offers a free tier for open source projects or small teams.
It lets you customize rules & policies, detect serious vulnerabilities, easier remediation & detailed reporting.