rtfpessoa / Dependency_spy

Licence: agpl-3.0
Find known vulnerabilities in your dependencies

dependency_spy

Finds known vulnerabilities in your dependencies, using yavdb as the aggregated source of vulnerability data.

Thanks to the amazing work done by libraries.io, all dependency manifest parsing is handled by bibliothecary, which gives us support for more than 20 package managers. Because the sources of vulnerability information are limited, we can only identify vulnerabilities for the package managers covered by yavdb.
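The core of a dependency checker like this is the match between a pinned version and an advisory's affected range. The following is an added example, not dependency_spy's own code (the real project delegates manifest parsing to bibliothecary and pulls advisories from yavdb): it parses a constructed Gemfile.lock fragment with a toy regex, compares the pinned versions against constructed vulnerability records with placeholder ids, and uses RubyGems' Gem::Version and Gem::Requirement so that "1.10.0" is correctly treated as newer than "1.9.0", which a plain string comparison gets wrong.

```ruby
# Added example, not dependency_spy's own code: match the versions pinned in a
# Gemfile.lock against a vulnerability list whose affected ranges use RubyGems
# requirement syntax, comparing versions semantically rather than as strings.
require "rubygems"

# Constructed Gemfile.lock fragment (sample data, not a real project's lockfile).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nokogiri (1.8.1)
      rack (2.0.3)
      rails-html-sanitizer (1.0.3)
LOCK

# Constructed vulnerability records with placeholder ids (not real advisories).
# :affected holds one or more RubyGems requirement strings that are ANDed.
SAMPLE_VULNS = [
  { id: "EXAMPLE-0001", package: "nokogiri", affected: ["< 1.8.2"] },
  { id: "EXAMPLE-0002", package: "rack",     affected: [">= 2.0.0", "< 2.0.4"] },
  { id: "EXAMPLE-0003", package: "rack",     affected: ["< 1.6.9"] },
]

# Extract "name (version)" lines from the specs section. Only lines whose
# parenthesised value starts with a digit are pinned versions; dependency
# constraints such as "rack (>= 1.0)" are skipped.
def parse_lock_specs(lock_text)
  lock_text.each_line.each_with_object({}) do |line, deps|
    m = line.match(/^\s+(\S+) \((\d[\w.]*)\)\s*$/)
    deps[m[1]] = m[2] if m
  end
end

# True when +version+ satisfies every requirement in +affected+.
# Gem::Version orders "1.10.0" after "1.9.0"; String#<=> would not.
def affected?(version, affected)
  Gem::Requirement.new(*affected).satisfied_by?(Gem::Version.new(version))
end

# Cross the pinned versions with the vulnerability list and return findings.
def find_vulnerable(deps, vulns)
  vulns
    .select { |v| deps.key?(v[:package]) && affected?(deps[v[:package]], v[:affected]) }
    .map do |v|
      { id: v[:id], package: v[:package], version: deps[v[:package]],
        affected: v[:affected].join(", ") }
    end
end

# Human-readable report, one line per finding.
def report(findings)
  findings.map { |f| "#{f[:package]} #{f[:version]} matches #{f[:id]} (affected: #{f[:affected]})" }
end

if __FILE__ == $PROGRAM_NAME
  puts report(find_vulnerable(parse_lock_specs(SAMPLE_LOCK), SAMPLE_VULNS))
end
```

In a CI job, the natural extension is to exit non-zero when the findings list is not empty so that a vulnerable lockfile fails the build; the ranges in the sample data are deliberately chosen so that the third record (an old rack range) does not match the pinned rack version.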

Disclaimer

This project aims to provide an OSS alternative for identifying known vulnerabilities in your dependencies. Although it makes a good effort to do so, there is no assurance that it finds all publicly available vulnerabilities. The maintainers take no responsibility for any harm caused by relying on it. Use it as a complement to other tools, at your own risk.

Supported Package Managers

  • NPM
  • RubyGems
  • Maven
  • Nuget
  • Packagist
  • Pypi
  • Go
  • Cargo

Prerequisites

  • Ruby 2.3 or newer

Installation

gem install dependency_spy

Usage

Examples

Check current directory project

depspy

TODO:

Tests

  • [ ] Version Comparison

Features/Improvements

  • [ ] Ignore vulnerabilities
  • [ ] Improve output formatters
  • [ ] Add more output options

Help

Commands:
  depspy check           # Check dependencies for known vulnerabilities
  depspy help [COMMAND]  # Describe available commands or one specific command
  depspy update          # Update known vulnerabilities database

Options:
  [--verbose], [--no-verbose]
  -d, [--vuln-db-path=VULN-DB-PATH]  # Default: <HOME>/.yavdb/yavdb

Development

After checking out the repo, run bin/setup to install dependencies. Then run bundle exec rake spec to run the tests. You can also run bin/console for an interactive prompt that lets you experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/rtfpessoa/dependency_spy. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

Copyright

Copyright (c) 2017-present Rodrigo Fernandes. See LICENSE for details.