# Xygeni Scanners

Although referred to collectively as the [**Xygeni Scanner**](https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview), Xygeni provides a set of scanners, each specialized in finding a different kind of issue.

{% hint style="info" %}
For a full description of the installation, prerequisites and usage of the **Xygeni Scanner**, visit the [Xygeni CLI Overview](https://docs.xygeni.io/xygeni-scanner-cli/xygeni-cli-overview).
{% endhint %}

The **available Xygeni scanners** are:

<details>

<summary><a href="../xygeni-products/open-source-security-oss/dependency-scanner"><strong>Dependency Scanner</strong></a> (<code>deps</code>)</summary>

The [**Dependency Scanner**](https://docs.xygeni.io/xygeni-products/open-source-security-oss/dependency-scanner) (`deps`) (see [Open Source Security (OSS)](https://docs.xygeni.io/xygeni-products/open-source-security-oss)) is a tool to *collect and analyze the dependencies of a software project*, aimed at identifying issues related to software supply-chain security. Dependencies are the components or packages used in the software; they are analyzed for known vulnerabilities or evidence of malware.

</details>

<details>

<summary><a href="../xygeni-products/open-source-security-oss/suspect-dependencies-scanner"><strong>Suspect Dependencies Scanner</strong></a> (<code>suspectdeps</code>)</summary>

The [**Suspect Dependencies Scanner**](https://docs.xygeni.io/xygeni-products/open-source-security-oss/suspect-dependencies-scanner) (`suspectdeps`) (see [Open Source Security (OSS)](https://docs.xygeni.io/xygeni-products/open-source-security-oss)) finds suspect dependencies that may be the target of supply-chain attacks. The aim is to detect potential flaws in the dependencies, direct or indirect, of the software project and the DevOps tools around it, so that supply-chain attacks can be prevented. The dependency graph (in fact, the result of the Dependency Scanner) is analyzed to look for known issues with dependencies. Typo-squatting, dependency confusion or dependencies with suspicious installation scripts are examples of suspect dependencies.

</details>

<details>

<summary><a href="../xygeni-products/software-supply-chain-security-sscs/ci-cd-scanner"><strong>Misconfigurations Scanner</strong></a> (<code>misconf</code>)</summary>

The [**Misconfigurations Scanner**](https://docs.xygeni.io/xygeni-products/software-supply-chain-security-sscs/ci-cd-scanner) (`misconf`) (see [Software Supply-Chain Security (SSCS)](https://docs.xygeni.io/xygeni-products/software-supply-chain-security-sscs)) is a tool that checks the configuration of the software project under analysis, and reports any misconfiguration currently active for the policy assigned to the project. A misconfiguration in any element of the software pipeline, like a package manager, a build file, or a CI job, might open the door to attacks targeted at the organization’s DevOps chain.

</details>

<details>

<summary><a href="../xygeni-products/secrets-security/secrets-scanner"><strong>Secrets Scanner</strong></a> (<code>secrets</code>)</summary>

The [**Secrets Scanner**](https://docs.xygeni.io/xygeni-products/secrets-security/secrets-scanner) (`secrets`) (see [Secrets Security](https://docs.xygeni.io/xygeni-products/secrets-security)) detects hardcoded secrets. It performs thorough scans of code, text files and Docker images to identify exposed secrets (API keys, passwords, and other sensitive credentials).

</details>

<details>

<summary><a href="../xygeni-products/iac-security/iac-scanner"><strong>Infrastructure-As-Code Scanner</strong></a> (<code>iac</code>)</summary>

The [**Infrastructure-As-Code Scanner**](https://docs.xygeni.io/xygeni-products/iac-security/iac-scanner) (`iac`) (see [IaC Security](https://docs.xygeni.io/xygeni-products/iac-security)) processes IaC templates (Terraform, Ansible, CloudFormation, etc.) searching for "flaws" or "defects", that is, non-compliances with a certain policy. Most flaws represent a security-related issue that adds significant risk.

</details>

<details>

<summary><a href="../xygeni-products/compliance/compliance-scanner"><strong>Compliance Assessment Scanner</strong></a> (<code>compliance</code>)</summary>

The [**Compliance Assessment Scanner**](https://docs.xygeni.io/xygeni-products/compliance/compliance-scanner) (`compliance`) (see [Software Supply-Chain Security (SSCS)](https://docs.xygeni.io/xygeni-products/software-supply-chain-security-sscs)) checks compliance with Software Supply-Chain Security standards and guidelines. A standard is a list of checkpoints, arranged in categories. A software project is compliant with a standard ("passes") only when all of the standard’s required checkpoints pass.

</details>

<details>

<summary><a href="../xygeni-products/anomaly-detection/code-tampering-scanner"><strong>Code Tampering Scanner</strong></a> (<code>codetamper</code>)</summary>

The [**Code Tampering Scanner**](https://docs.xygeni.io/xygeni-products/anomaly-detection/code-tampering-scanner) (`codetamper`) (see [Anomaly Detection](https://docs.xygeni.io/xygeni-products/anomaly-detection)) is a tool that checks the commits of the software project under analysis, and reports "changes in critical files" according to the critical files rules currently active for the policy assigned to the project.

</details>

<details>

<summary><a href="../xygeni-products/code-security-cs/malware-scanner"><strong>Malware Scanner</strong></a> (<code>malware</code>)</summary>

The [**Malware Scanner**](https://docs.xygeni.io/xygeni-products/code-security-cs/malware-scanner) (`malware`) (see [Code Security (CS)](https://docs.xygeni.io/xygeni-products/code-security-cs)) is a tool that checks the files of the software project under analysis, and reports "evidences" according to the malware detectors currently active for the policy assigned to the project.

</details>

<details>

<summary><a href="../xygeni-products/application-security-posture-management-aspm/inventory-scanner"><strong>Inventory Scanner</strong></a> (<code>inventory</code>)</summary>

The [**Inventory Scanner**](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm/inventory-scanner) (`inventory`) (see [ASPM (Application Security Posture Management)](https://docs.xygeni.io/xygeni-products/application-security-posture-management-aspm)) is used to discover SDLC assets at scan time, extracting the information from the available project and dependency descriptors, build files, pipelines describing the CI/CD workflows, IaC templates, and eventually via calls to the tools' APIs.

</details>
