Merged
9 changes: 9 additions & 0 deletions _data/tools.json
@@ -2168,5 +2168,14 @@
"platforms": "Windows, Linux, MacOS",
"note": "Open-source CLI security scanner for agentic AI workflows. Scans your workflow’s source code, detects vulnerabilities, and generates an interactive visualization along with a detailed security report. Supports popular agentic frameworks like LangGraph, CrewAI, n8n, OpenAI Agents, and more.",
"type": "SAST"
},
{
"title": "Kusari Inspector",
"url": "https://kusari.dev",
"owner": "Kusari",
"license": "Commercial or Free",
"platforms": "SaaS",
"note": "Kusari Inspector seamlessly integrates software supply chain security analysis into your pull requests.",
"type": "SAST"
Comment on lines +2178 to +2179 (Contributor):
Sounds like SCA not SAST

@trmiller (Contributor, Author), Jul 29, 2025:
(Editing as I misread the comment initially)
We work similarly to others on the list, and so this could really be in both categories. There are SCA aspects for sure, but also SAST. The functionality, at least for the inspector here, is similar to Snyk, Aikido, etc.

So while I did also add it to the component analysis page, this felt appropriate as well.

If it would be helpful, also happy to help add some color to this on the page in general.

}
]
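Review bot: the new entry sets "type": "SAST", but its own "note" describes software supply chain security analysis of pull requests, which is the software composition analysis (SCA) category, and this same PR files the tool under Component Analysis; if the schema allows only one type, "SCA" matches the description better, otherwise the "note" should say which static checks of the code itself the tool performs. Also "license": "Commercial or Free" disagrees with the "Freemium" label used for the same tool in pages/Component_Analysis.md, and "title" is "Kusari Inspector" while that table row uses plain "Kusari"; pick one wording for each so the two listings stay consistent.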
2 changes: 2 additions & 0 deletions pages/Component_Analysis.md
@@ -316,6 +316,7 @@ and legal teams an opportunity to create solutions for healthy open source usage
| [Grafeas] | Grafeas | Open Source | Cross Platform |
| [Greenkeeper] | Greenkeeper | Open Source | SaaS |
| [Ion Channel SA] | Ion Channel | Commercial | SaaS |
| [Kusari] | Kusari | Freemium | SaaS |
| [Libraries.io] | Tidelift | Open Source | SaaS |
| [MergeBase] | MergeBase | Commercial | SaaS |
| [Nexus IQ] | Sonatype | Commercial | Cross Platform |
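Review bot: the license column reads "Freemium" while _data/tools.json in this PR records "Commercial or Free" for the same tool; align the two so the site does not describe one product two ways. The row is in the correct alphabetical position between Ion Channel SA and Libraries.io.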
@@ -371,6 +372,7 @@ and legal teams an opportunity to create solutions for healthy open source usage
[Greenkeeper]: https://greenkeeper.io/
[OSS Review Toolkit]: https://github.com/heremaps/oss-review-toolkit
[Ion Channel SA]: https://ionchannel.io/
[Kusari]: https://kusari.dev
[Libraries.io]: https://libraries.io/
[MergeBase]: http://mergebase.com/
[Nexus IQ]: https://www.sonatype.com/
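Review bot: the [Kusari] reference resolves to https://kusari.dev, whereas the bullet added to pages/Free_for_Open_Source_Application_Security_Tools.md links to https://kusari.dev/inspector; since both rows describe Kusari Inspector, the product page is the more specific target, so consider using the same URL in both places.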
1 change: 1 addition & 0 deletions pages/Free_for_Open_Source_Application_Security_Tools.md
@@ -78,6 +78,7 @@ In addition, we are aware of the following commercial SAST tools that are free f
- [CodeSweep - GitHub Action](https://hclsw.co/codesweepgithub) - Scan the new code on a push/pull request using a GitHub action. Findings are highlighted in the `Files Changed` view and details about the issue and mitigation steps can be found in the `Actions` page. Unrestricted usage allowed with a free trial account.
- [Aikido](https://www.aikido.dev/product) - Combines open source software with custom rules & features into a single dashboard with all your security findings. Includes both SAST and Library Analysis tools. [Free for small teams](https://www.aikido.dev/pricing).
- [Arnica](https://www.arnica.io/solution/code-security) - Scans all source code repositories for code risks (SAST, SCA, IaC, license violations, and low 3rd party reputation) and hardcoded secrets. The platform comes with a [freemium plan](https://www.arnica.io/pricing) for unlimited time and users count. The [pipelineless security approach](https://www.arnica.io/blog/ci-cd-pipeline-security-vs-ide-plugins-vs-pipelineless-security) is the value the company charges for, so the visibility remains always free.
- [Kusari](https://kusari.dev/inspector) - Kusari Inspector seamlessly integrates software supply chain security analysis into your pull requests. This checks for bad dependencies, licenses, quality data. [Free for individual use](https://www.kusari.dev/pricing).

### DAST Tools

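Review bot: the bullet sits in the list of commercial SAST tools that are free for open source, but its eligibility sentence says "Free for individual use", which is a different condition; state the open source terms explicitly (or move the entry) so the section's criterion holds. The second sentence, "This checks for bad dependencies, licenses, quality data.", is a fragment and, like the tools.json note, describes dependency and license checks rather than SAST; suggest "It checks for bad dependencies, license issues and quality data." and add which static analysis of the code itself is performed.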