OSS Index is a free catalogue of open source components and scanning tools to help developers identify vulnerabilities, understand risk, and keep their software safe.
They have a public REST API (https://ossindex.sonatype.org/doc/rest) that scanning tools can patch into.