EOL Dataset

The tool scans a project’s full dependency graph—direct and transitive—to identify any open‑source packages that have reached end‑of‑life (EOL) or are no longer maintained. It accepts various entry points such as SBOM files (CycloneDX or SPDX), manifest files (package.json, pom.xml, requirements.txt, go.mod, Cargo.toml, etc.), or CI/CD integrations, and resolves the complete tree to separate production from development/test dependencies. Results highlight EOL packages, upcoming EOL dates, and associated security risks, allowing engineers and compliance teams to prioritize remediation.

It is aimed at developers, DevOps engineers, and security or compliance leaders who need to avoid unsupported software that can become a security liability. The service provides a quick, free scan that can be run in minutes and generates a fleet‑wide report with remediation guidance. Its distinctive feature is the focus on lifecycle risk beyond CVE detection, covering more than 11 million package versions and surfacing transitive dependencies that many scanners overlook.