LowEndInsight is a developer tool for analyzing open source software supply chain risk. The page positions it as “Open source supply chain risk and agentic analysis.” It can analyze public Git repositories, as well as SBOMs in CycloneDX or SPDX JSON format, to identify contributor risk, commit activity, dependency/supply-chain risk, and the proportion of commits generated by bots or AI agents.
Its core metrics include contributor count, bus factor, functional contributors, commit currency, large recent commit risk, SBOM risk, and more. These are useful for assessing whether a project is healthy, whether it is overly dependent on a small number of contributors, and whether recent commits are unusually large. One distinctive feature is Agentic Classification: a repository is classified as human, mixed, or agent based on the share of its commits that come from automated or AI contributors, with human assigned when that share is below 0.3, agent when it is above 0.7, and mixed otherwise. On the API side, it provides /v1/analyze, /v1/analyze/{uuid}, and /v1/analyze/sbom, plus cache import/export and statistics endpoints. Swagger and an OpenAPI spec are available, and the curl examples are clear, making it relatively easy to get started.
The page lists Source Code, BSD 3-Clause License, and v0.9.4, indicating a genuinely open source project. Its cache export and import endpoints are explicitly designed for air-gapped deployment, showing some consideration for isolated environments and for pre-warming caches on internal networks. In terms of ecosystem, the main text only clearly mentions public Git repositories, GitHub token-related capabilities, and CycloneDX/SPDX SBOM support; there is no visible mention of SDKs, CI/CD plugins, IDE plugins, or security platform integrations.
The captured text does not provide pricing, free tier, authentication method, rate limits, or commercial support information, so it is not possible to judge the cost of its hosted service. Documentation quality is decent at the API onboarding level: Quick Start, endpoint lists, risk metrics, risk levels, Swagger, and OpenAPI are all present. However, deeper documentation on deployment steps, risk model explanations, false-positive handling, permission configuration, and similar topics still appears limited.
Its strengths are that it is open source, focused in its metrics, has a simple API, and supports both repositories and SBOMs. Its weaknesses are the limited information on integrations and commercial support; the examples mainly revolve around GitHub, and some checks also depend on a GitHub token. It is suitable for DevSecOps, open source governance, and security review teams to use in dependency intake, project health assessment, and SBOM risk inventory workflows.
The page does not provide information on China access, mirrors, payment, or compliance, so real-world connectivity is unknown. If access is unstable, alternatives worth considering include OpenSSF Scorecard, Socket.dev, Snyk, Sonatype, Mend, or GitHub Dependabot.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, lowendinsight.dev.
lowendinsight.dev is listed as a Dev Tools provider of unknown type. TG4G tracks its product information, with an overall rating of 7.0/10 and a China-accessibility rating of "direct-connect friendly".