[timboslice]

At my day job I am stuck on a Windows IIS stack.

Any plans for windows servers? I'd honestly prioritize this after application dependencies checking for Java/Node etc, but just thought I'd ask.

[j_s]

Check out Mike Taber's¹ cross-platform work-in-progress: https://www.auditshark.com/

It is targeted more at OS-level vulnerabilities (including IIS) rather than application dependency vulnerabilities, but may provide the solution you're looking for.

¹ https://news.ycombinator.com/item?id=9492839

[stephengillie]

Competing solutions include SCCM, Applocker, and Application Whitelisting.