ModelsAgree

Best dependency SCA scanner for open-source risk

3 models · updated 2026-06-29

The verdict

Endor Labs leads — 2 of 3 models rank Endor Labs the top startup.

Combined ranking

  1. Endor Labs (9 pts)
     GPT #1 · Claude not ranked · Gemini #2 · Best risk prioritization with strong reachability analysis.
  2. Socket (2 pts)
     GPT not ranked · Claude not ranked · Gemini #4 · Proactively detects malicious dependency behavior and supply chain attacks.
  3. Trivy (1 pt)
     GPT not ranked · Claude not ranked · Gemini #5 · Highly versatile open-source scanner covering dependencies, containers, and infrastructure.

Not ranked (incumbents): Snyk Open Source, Snyk, Mend, Black Duck, Mend SCA, Sonatype Nexus Lifecycle, Black Duck SCA, GitHub Dependabot, JFrog Xray, Sonatype Lifecycle

By model

ChatGPT

  1. Endor Labs
  2. Snyk Open Source
  3. Mend SCA
  4. Black Duck SCA
  5. Sonatype Lifecycle

Claude

  1. Snyk Open Source
  2. Mend
  3. Sonatype Nexus Lifecycle
  4. GitHub Dependabot
  5. JFrog Xray

Gemini

  1. Snyk
  2. Endor Labs
  3. Black Duck
  4. Socket
  5. Trivy

Tracked by ModelsAgree · rank 1 = 5 pts … rank 5 = 1 pt · re-polled continuously