
About twigs

twigs is an open source project maintained by ThreatWorx. It is developed in Python, although a PowerShell version of twigs also exists for Windows. So what does twigs do?

twigs is a CLI that enables you to discover the composition of various classes of assets for the purpose of SCA (Software Composition Analysis), Open Source License Compliance (OSS) and Vulnerability Management (VM). twigs can also run other security and compliance checks: SAST and DAST for your source code, aligning you with OWASP standards; configuration checks aligned with CIS benchmarks; and remote access checks (SSL/SSH) for your hosts and VMs.

twigs is also an SBOM generation tool and works with SBOM industry standards such as CycloneDX and SPDX.

twigs is extensible too! You can add discovery support and make it available to the community or keep it private.
