[OSS GAP] Secrets / SBOM Scanner #security #devtools #scanner #self-hosted
Pain: Small teams want repo and artifact scanning without another security platform subscription that costs more than the risk budget. “I have a small team of four employees and I want to offer them health benefits. Group insurance premiums are way too expensive for my budget. I have been looking into Health Spendi” — reddit (https://www.reddit.com/r/EntrepreneurCanada/comments/1sm0am5/how_do_you_offer_health_benefits_to_employees/)
Why now: Small teams in 2026 are cutting tool spend and refusing extra platform debt. Snyk, Mend, and GitHub Advanced Security are strong products, but they are packaged for larger companies than dev teams and other small teams. That makes a smaller, self-hosted wedge in secrets / SBOM scanning unusually easy to explain.
Tiny wedge: Repo scanner for dev teams and other small teams without Snyk-style pricing and platform weight.
Why this wins: Replaces recurring Snyk spend with a boring self-hosted alternative for dev teams and other small teams.
Scope cut: Skip CNAPP suite and enterprise risk dashboard in v1.
Stack: Node.js + Express + SQLite + REST API + webhooks.