We are using Tesseract and Leptonica installed on a Unix system to meet some requirements. Since both were termed to be open source, we were subjected to scan both for open source vulnerabilities.
Repository details: https://github.com/tesseract-ocr/tesseract
How should I scan Tesseract and Leptonica for open source vulnerabilities? Any examples would be much appreciated.