Your go-to for monitoring the security of your apps' dependencies.
- Connect to GitHub/GitLab with your personal token
- Track projects your personal access token has access to
- more coming, see todo list at the bottom
On this page you can see the list of current vulnerabilities along with a historical chart of their number.
Assuming that you have dory with SSL certs stored in `~/.dinghy/certs`, `https` will work out of the box.
- If you don't have `dory` installed, add the following to the `nginx` container definition in `docker-compose.yml`:
      ports:
        - 10080:80
- Run `make init`
If you have `dory`, you can access the application on www.security.dev
If you don't, go to localhost:10080
- GitHub/GitLab webhook support
- running checks on schedule
- API for e.g. Icinga
- secure storage of VCS credentials
- authentication - SensioLabs Connect is implemented, more to come
- authorization
- closer integration with GitHub APIs (Checks API maybe?)
- list of packages installed per application with versions
- list of applications using a given package
- historical stats about vulnerable packages in project