Developer Security Tool
Monitor GitHub Repos for Vulnerable Dependencies
Connect your GitHub account, scan package files for known CVEs, and get actionable upgrade recommendations — automatically.
Start Scanning — $10/mo
security-report.json
{
  "repo": "my-org/api-service",
  "scanned": "2024-01-15",
  "vulnerabilities": [
    {
      "package": "lodash",
      "severity": "HIGH",
      "cve": "CVE-2021-23337",
      "fix": "Upgrade to 4.17.21"
    },
    {
      "package": "axios",
      "severity": "MEDIUM",
      "cve": "CVE-2023-45857",
      "fix": "Upgrade to 1.6.0"
    }
  ]
}
Simple Pricing
Pro
$10
per month
- ✓ Unlimited repo scans
- ✓ CVE vulnerability detection
- ✓ Upgrade recommendations
- ✓ GitHub OAuth integration
- ✓ Weekly automated scans
- ✓ Email security alerts
FAQ
Which package managers are supported?
We scan package.json (npm/yarn), requirements.txt (Python), Gemfile.lock (Ruby), and go.mod (Go) files across all your repositories.
How does the vulnerability data stay current?
We pull from the GitHub Advisory Database and OSV (Open Source Vulnerabilities) feed, updated daily, so you always get the latest CVE data.
Do you store my source code?
No. We only read dependency manifest files (e.g. package.json) via the GitHub API. Your source code is never accessed or stored.