87 stars, 6 forks, 46 commits, 5 open issues. License: GNU Affero General Public License v3.0

Description

Find known vulnerabilities in your dependencies
dependency_spy


Finds known vulnerabilities in your dependencies, using yavdb as the aggregated source of vulnerability data.

Thanks to the amazing work done by libraries.io, all dependency manifest parsing is handled by bibliothecary, which means we support more than 20 package managers. Because vulnerability data is limited, however, we can only identify vulnerabilities for the package managers listed in yavdb.
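As an added example (not code from dependency_spy itself), the Ruby below shows the matching step a scanner like this performs once a manifest has been parsed: pinned versions are read out of a Gemfile.lock and each is tested against a vulnerability record's affected range with Gem::Requirement, the version comparison logic bundled with RubyGems. The vulnerability ids, the affected ranges and the lockfile excerpt are all constructed for illustration; in dependency_spy the parsing is done by bibliothecary and the records come from yavdb.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Constructed vulnerability records standing in for yavdb entries; the ids
# and ranges are invented for this example.
VULN_DB = [
  { id: "EXAMPLE-0001", name: "rack",     affected: ["< 2.0.6"] },
  { id: "EXAMPLE-0002", name: "nokogiri", affected: [">= 1.8.0", "< 1.8.2"] },
  { id: "EXAMPLE-0003", name: "rails",    affected: ["~> 5.1.0"] },
].freeze

# Constructed Gemfile.lock excerpt. Resolved gems sit at four spaces of
# indentation; the deeper-indented lines are those gems' own dependency
# requirements, not installed versions, and must be skipped.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.8.1)
        mini_portile2 (~> 2.3.0)
      rack (2.0.10)
      rails (5.1.4)
        actionpack (= 5.1.4)
      rake (12.3.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails (~> 5.1)
LOCK

# Extract the resolved "name (version)" pairs from a Gemfile.lock.
# Returns a Hash of gem name => pinned version string.
def parse_gemfile_lock(text)
  text.each_line.each_with_object({}) do |line, pins|
    # exactly four leading spaces, a gem name, then the version in parentheses
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    pins[m[1]] = m[2] if m
  end
end

# True when the pinned version falls inside the affected range. Gem::Version
# compares segments numerically, so 2.0.10 is treated as newer than 2.0.6;
# a plain string comparison would get that backwards and either miss real
# findings or raise false ones.
def vulnerable?(version, affected_ranges)
  Gem::Requirement.new(*affected_ranges).satisfied_by?(Gem::Version.new(version))
end

# Match every pinned gem against the database and return the findings.
def scan(lockfile_text, db = VULN_DB)
  parse_gemfile_lock(lockfile_text).flat_map do |name, version|
    db.select { |vuln| vuln[:name] == name && vulnerable?(version, vuln[:affected]) }
      .map { |vuln| { id: vuln[:id], name: name, version: version, affected: vuln[:affected].join(", ") } }
  end
end

if $PROGRAM_NAME == __FILE__
  scan(SAMPLE_LOCKFILE).each do |f|
    puts "#{f[:id]}: #{f[:name]} #{f[:version]} is affected (#{f[:affected]})"
  end
end
```

Run against the sample, nokogiri 1.8.1 and rails 5.1.4 are reported while rack 2.0.10 is not, because 2.0.10 is above the "< 2.0.6" bound once versions are compared semantically rather than as strings. Getting that comparison right for every supported ecosystem is the hard part of a tool like this, which is why version comparison appears in the project's own TODO list.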

Disclaimer

This project aims to provide an OSS alternative for identifying known vulnerabilities in your dependencies. Although it makes a good effort in doing this, there is no assurance it is finding all the publicly available vulnerabilities. The maintainers take no responsibility for any harm caused by you relying on it. Use it as a complement to other tools, at your own risk.

Supported Package Managers

  • NPM
  • RubyGems
  • Maven
  • Nuget
  • Packagist
  • Pypi
  • Go
  • Cargo

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install dependency_spy

Usage

Examples

Check the project in the current directory:

depspy

TODO:

Tests

  • [ ] Version Comparison

Features/Improvements

  • [ ] Ignore vulnerabilities
  • [ ] Improve output formatters
  • [ ] Add more output options

Help

Commands:
  depspy check           # Check dependencies for known vulnerabilities
  depspy help [COMMAND]  # Describe available commands or one specific command
  depspy update          # Update known vulnerabilities database

Options:
  -d, [--vuln-db-path=VULN-DB-PATH]  # Default: /.yavdb/yavdb
      [--verbose], [--no-verbose]

Development

After checking out the repo, run bin/setup to install dependencies. Then run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/dependency_spy. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.
