OWASP dependency-check includes an analyzer that will detect software packages and checks the Sonatype OSS Index if the package contains vulnerability information to include in the report.
