Keep projects safe by scanning for vulnerable dependencies
radify/tendency-for-dependency

Tendency for Dependency (T4D)

What is it?

T4D is a tool to help you keep your projects safe: you give it a list of repositories and it scans them to check whether any of their dependencies has a known security vulnerability. The scan is meant to run every 24 hours (scheduling is still on the TODO list below). Simple!

What languages are supported?

How it works

[Diagram: rough workflow of T4D]

Configuration

You need to supply T4D with a list of repositories that you want to scan for vulnerabilities. This is a JSON array of SSH clone URLs in repos.json; a sample list, repos.json.sample, is supplied with this repository. Copy it, edit it to list your own repositories, and start the scanner:

cp repos.json.sample repos.json
node t4d

SSH access

Each entry is an SSH clone URL in the form user@host:path.git. Use your own user name as the SSH user; the author's example below uses gavd. The account that runs node t4d needs an SSH key with read access to every repository in the list, so a dedicated read-only key is preferable to a personal one:

[
	"[email protected]:radify/karma-es6-shim.git",
	"[email protected]:radify/supersecretproject.git",
	"[email protected]:radify/radiian.git"
]

TODO

  • Shrinkwrap scanning
  • Automatically find package.json and install its dependencies when it is not in the repository root
  • Automatically find composer.lock when it is not in the repository root
  • Slack integration
  • Scheduling (the 24-hour scan cycle)
