The GitHub Dependencies security scan on Vectrix detects a variety of dependency and Dependabot-related security risks in a connected GitHub organization's repositories. This includes dependency vulnerabilities, Dependabot misconfigurations, and related issues.
Scan on demand to detect the dependency security issues you currently have.
Monitor continuously to be alerted about new dependency security issues as they appear.
Don't know how dependency security works? Read more below.
What this scan detects
Repositories with vulnerabilities
Detect repositories that use software dependencies with known security vulnerabilities. This is problematic because a vulnerable dependency introduces supply chain security risk into everything built on top of it. This scan detects vulnerabilities with critical, high, medium, and low severities.
Repositories with Dependabot disabled
Having GitHub repositories with Dependabot disabled can be problematic because those repositories are never scanned for vulnerable dependencies. This leaves repository owners unaware that their code, and the software downstream of it, may be compromised.
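The two checks described above (open dependency alerts by severity, and repositories with Dependabot alerts turned off) can be reproduced directly against the GitHub REST API. The following is an added example, not Vectrix's code; it uses the real endpoints GET /repos/{owner}/{repo}/vulnerability-alerts (HTTP 204 means alerts are enabled, 404 means disabled) and GET /repos/{owner}/{repo}/dependabot/alerts, and assumes a token with read access to Dependabot alerts in the GITHUB_TOKEN environment variable and the organization name in GITHUB_ORG. The repository names and alert records in SAMPLE_REPOS are constructed so the audit logic runs offline.

```python
"""Audit Dependabot coverage and open dependency alerts across an org's repos.

Added example (not Vectrix code). Live mode needs GITHUB_TOKEN and GITHUB_ORG;
without them the audit runs over constructed sample data.
"""
import json
import os
import urllib.error
import urllib.request
from collections import Counter

API = "https://api.github.com"
SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample: one repo with open alerts, one with Dependabot alerts
# disabled (404 from the vulnerability-alerts endpoint), one clean repo.
SAMPLE_REPOS = [
    {"name": "payments-api", "alerts_status": 204, "alerts": [
        {"state": "open", "security_advisory": {"severity": "critical"}},
        {"state": "open", "security_advisory": {"severity": "high"}},
        {"state": "dismissed", "security_advisory": {"severity": "high"}},
        {"state": "open", "security_advisory": {"severity": "low"}},
    ]},
    {"name": "internal-tools", "alerts_status": 404, "alerts": []},
    {"name": "docs-site", "alerts_status": 204, "alerts": []},
]


def dependabot_status(http_status):
    """Map the vulnerability-alerts endpoint's status code to a finding."""
    if http_status == 204:
        return "enabled"
    if http_status == 404:
        return "disabled"
    return "unknown"


def summarize_alerts(alerts):
    """Count open Dependabot alerts by advisory severity.

    `alerts` is the JSON list from the dependabot/alerts endpoint; alerts
    that are dismissed or fixed are not counted.
    """
    counts = Counter()
    for alert in alerts:
        if alert.get("state") != "open":
            continue
        sev = (alert.get("security_advisory") or {}).get("severity", "").lower()
        if sev in SEVERITIES:
            counts[sev] += 1
    return {s: counts[s] for s in SEVERITIES}


def audit(repos):
    """Produce one result per repo: Dependabot state, open alerts, findings."""
    results = []
    for repo in repos:
        status = dependabot_status(repo["alerts_status"])
        open_alerts = summarize_alerts(repo.get("alerts", []))
        findings = []
        if status == "disabled":
            findings.append("dependabot_disabled")
        if any(open_alerts.values()):
            findings.append("vulnerable_dependencies")
        results.append({"repo": repo["name"], "dependabot": status,
                        "open_alerts": open_alerts, "findings": findings})
    return results


def _get(path, token):
    """GET an API path; return (status, body). 404/403 are returned, not raised."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""


def fetch_repo(owner, name, token):
    """Build the same record shape as SAMPLE_REPOS from the live API."""
    alerts_status, _ = _get(f"/repos/{owner}/{name}/vulnerability-alerts", token)
    status, body = _get(f"/repos/{owner}/{name}/dependabot/alerts?state=open&per_page=100", token)
    alerts = json.loads(body) if status == 200 else []   # 403 when alerts are disabled
    return {"name": name, "alerts_status": alerts_status, "alerts": alerts}


if __name__ == "__main__":
    token, org = os.environ.get("GITHUB_TOKEN"), os.environ.get("GITHUB_ORG")
    if token and org:
        # First page only; add Link-header pagination for orgs with >100 repos.
        status, body = _get(f"/orgs/{org}/repos?per_page=100", token)
        repos = [fetch_repo(org, r["name"], token) for r in json.loads(body)] if status == 200 else []
    else:
        repos = SAMPLE_REPOS
    for result in audit(repos):
        print(json.dumps(result))
```

Run it as a scheduled job and diff successive outputs to get the continuous-monitoring behaviour the page describes: a repo whose `dependabot` field flips to `disabled`, or whose `open_alerts` counts rise, is a new finding.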