# Install opensca-cli

OpenSCA is a supply-chain security tool for security researchers and developers. Version 3.0.11 via Homebrew; verified 2026-05-15.

## Install

```sh
sudo av install brew:opensca-cli
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install opensca-cli
```

  Evidence: local Homebrew formula metadata

### Windows

- Scoop (92%):

```sh
scoop install extras/opensca-cli
```

  Evidence: Scoop official bucket manifest trees: bucket/opensca-cli.json from https://api.github.com/repos/ScoopInstaller/Extras/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id XmirrorSecurity.OpenSCA-cli -e
```

  Evidence: Windows Package Manager source index: XmirrorSecurity.OpenSCA-cli from https://cdn.winget.microsoft.com/cache/source.msix

## Package Facts

- **Package key:** brew:opensca-cli
- **Package manager:** Homebrew
- **Package manager URL:** <https://formulae.brew.sh/formula/opensca-cli>
- **Version:** 3.0.11
- **Source summary:** OpenSCA is a supply-chain security tool for security researchers and developers
- **Homepage:** <https://opensca.xmirror.cn>
- **Repository:** <https://github.com/XmirrorSecurity/OpenSCA-cli>
- **Upstream docs:** <https://github.com/XmirrorSecurity/OpenSCA-cli/blob/master/README.md>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/XmirrorSecurity/OpenSCA-cli/archive/refs/tags/v3.0.11.tar.gz>
- **Last updated:** 2026-05-15T13:18:50Z
- **Generated:** 2026-06-10T07:18:26+00:00

## Executables

- opensca-cli (cli)
- opensca-cli (alias)

## Build Dependencies

- go

## Install Behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-06-10
- Package-manager version: 3.0.11
- Package-manager updated: 2026-05-15
- Local data status: ok
- Upstream repository: https://github.com/XmirrorSecurity/OpenSCA-cli
- Upstream latest detected: v3.0.11 (current)

## Notes de sécurité

no executable entrypoint in the package index.

- **Geiger risk:** green / low
- no executable entrypoint in the package index

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** opensca-cli
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Scoop - extras/opensca-cli: normalized package name match | Scoop official bucket manifest trees: bucket/opensca-cli.json from https://api.github.com/repos/ScoopInstaller/Extras/git/trees/master?recursive=1
- winget - XmirrorSecurity.OpenSCA-cli: normalized package name match | Windows Package Manager source index: XmirrorSecurity.OpenSCA-cli from https://cdn.winget.microsoft.com/cache/source.msix


## Related Links

- [Terminal utility packages](https://www.automicvault.com/fr/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/fr/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/fr/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/fr/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [go](https://www.automicvault.com/fr/pkg/brew/go/) - Build dependency declared by Homebrew.
- [zizmor](https://www.automicvault.com/fr/pkg/brew/zizmor/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [vet](https://www.automicvault.com/fr/pkg/brew/vet/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [slsa-verifier](https://www.automicvault.com/fr/pkg/brew/slsa-verifier/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [parlay](https://www.automicvault.com/fr/pkg/brew/parlay/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [witness](https://www.automicvault.com/fr/pkg/brew/witness/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [chain-bench](https://www.automicvault.com/fr/pkg/brew/chain-bench/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [ratify](https://www.automicvault.com/fr/pkg/brew/ratify/) - Shares av.db curated category or tags: cli, security, supply-chain, supply-chain-security.
- [poutine](https://www.automicvault.com/fr/pkg/brew/poutine/) - Shares av.db curated category or tags: cli, devsecops, security, supply-chain-security.
- [pip-audit](https://www.automicvault.com/fr/pkg/brew/pip-audit/) - Security-sensitive metadata or terminology overlaps. Shared terms: chain, cli, scanning, security, supply.

## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph