Coverage
What does the capabilities overview test?
- From live exploits to source-code proof
- Pencheff combines deterministic scanners, AI-guided probes, curated payloads, external tools, and evidence normalization so every signal lands in one remediation workflow.
- Everything the engine tests:
- OSV.dev, NVD 2.0, GitHub Advisory Database, RustSec, GoVulnDB, EPSS, CISA KEV, and SSVC enrichment.
- Manifest support for npm, PyPI, Go modules, Cargo, Ruby, Composer, Maven, OS packages, and container packages.
- SPDX 2.3 and CycloneDX 1.5 SBOM generation with optional Syft enrichment.
- Reachability annotation that separates exploited, reachable, present, and unknown risk.
- License policy checks and deterministic version-bump remediation for eligible dependencies.