bumblebee is a read-only developer endpoint scanner for finding software supply-chain exposure on macOS and Linux machines. It collects on-disk metadata from package managers, lockfiles, editor extensions, browser extensions, and supported developer tool configurations. The tool is designed for incident response situations where a team already knows a suspicious package, extension, or version and needs to identify which machines may contain it. It emits structured NDJSON records so results can be processed by scripts, security pipelines, or fleet inventory systems. Bumblebee avoids running package managers or reading source files, which keeps the scan focused and low-impact. It is useful for security teams that need fast local visibility across messy developer environments.

Features

  • Read-only endpoint inventory scanning
  • macOS and Linux support
  • npm, PyPI, Go, RubyGems, Composer, and Homebrew coverage
  • Editor and browser extension metadata collection
  • Exposure catalog matching
  • Structured NDJSON output

Project Samples

bumblebee Screenshot 1

Project Activity

See All Activity >

Categories

Software Development

License

Apache License V2.0

Follow bumblebee

bumblebee Web Site

Other Useful Business Software
Secure File Transfer for Windows with Cerberus by Redwood Icon
Secure File Transfer for Windows with Cerberus by Redwood

Protect and share files over FTP/S, SFTP, HTTPS and SCP with the #1 rated Windows file transfer server.

Cerberus supports unlimited users and connections on a single IP, with built-in encryption, 2FA, and a browser-based web client — all deployable in under 15 minutes with a 25-day free trial.
Try for Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of bumblebee!

Additional Project Details

Operating Systems

Linux, Mac

Programming Language

Go

Related Categories

Go Software Development Software

Registered

1 day ago
Report inappropriate content