- Zero configuration installation and immediate visibility of security findings in your repositories
- Protects against malicious open source packages
- Easy to use and get started without friction
- Provides optional SafeDep Cloud integration for centralized policy management and reporting
How to Install
- Navigate to SafeDep GitHub App
- Click Install
- Follow the instructions to install the app in your GitHub organization or repository
How to Use
SafeDep GitHub App automatically scans pull requests for open source dependency changes. Newly introduced or updated dependencies are scanned for vulnerabilities and malware.
Reports

Active Protection

Appendix
Vulnerabilities
- The current version of SafeDep GitHub App checks for any CRITICAL and HIGH risk vulnerability.
- OSV is used as the vulnerability database
Risky Licenses
- The current version of SafeDep GitHub App classifies the following licenses as Risky:
  - GPL-2.0
  - GPL-2.0-only
  - GPL-2.0-or-later
  - GPL-3.0
  - GPL-3.0-only
  - GPL-3.0-or-later
  - LGPL-2.1
  - LGPL-2.1-only
  - LGPL-2.1-or-later
  - LGPL-3.0
  - LGPL-3.0-only
  - LGPL-3.0-or-later
  - AGPL-3.0
  - AGPL-3.0-only
  - AGPL-3.0-or-later
  - EPL-2.0
Supported Lockfiles
- The current version of SafeDep GitHub App supports these lockfiles and ecosystems:
  - NPM
    - package-lock.json
    - pnpm-lock.yaml
    - yarn.lock
  - GoLang
    - go.mod
  - PyPI
    - requirements.txt
    - uv.lock
    - poetry.lock
    - Pipfile.lock
  - RubyGems
    - Gemfile.lock
  - Cargo (Rust)
    - Cargo.lock
  - Packagist (PHP)
    - composer.lock
  - Maven (Java)
    - pom.xml
    - gradle.lockfile
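To make the three appendix sections concrete (what "newly introduced or updated dependencies" means for a lockfile, what a CRITICAL/HIGH check against OSV-style advisories does, and how the Risky license list is applied), here is an added example that is not SafeDep's code and does not use the SafeDep Cloud API. It diffs two `package-lock.json` documents (lockfileVersion 2/3 layout) the way a pull-request check would, then reports findings only for the packages the PR changed. The two lockfiles, the advisory records (a simplified OSV-like shape with `introduced`/`fixed` events and a `severity` field) and the license map are all constructed inline; package names and advisory ids are fictitious.

```python
"""Added example, not SafeDep's own code: a minimal pull-request dependency
check for npm package-lock.json, modelled on the behaviour this page describes."""
import json

# Licenses this page lists as Risky (SPDX identifiers).
RISKY_LICENSES = {
    "GPL-2.0", "GPL-2.0-only", "GPL-2.0-or-later",
    "GPL-3.0", "GPL-3.0-only", "GPL-3.0-or-later",
    "LGPL-2.1", "LGPL-2.1-only", "LGPL-2.1-or-later",
    "LGPL-3.0", "LGPL-3.0-only", "LGPL-3.0-or-later",
    "AGPL-3.0", "AGPL-3.0-only", "AGPL-3.0-or-later",
    "EPL-2.0",
}
# Severities the page says the app checks for.
BLOCKING_SEVERITIES = {"CRITICAL", "HIGH"}


def packages_from_lockfile(lock: dict) -> dict:
    """Map package name -> pinned version from a package-lock.json (lockfileVersion 2/3).
    Keys of "packages" are install paths such as "node_modules/foo" or
    "node_modules/foo/node_modules/bar"; the root project entry "" is skipped."""
    result = {}
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        result[name] = meta["version"]
    return result


def changed_dependencies(base_lock: dict, head_lock: dict) -> dict:
    """Packages the PR introduces, or whose pinned version it changes."""
    base = packages_from_lockfile(base_lock)
    head = packages_from_lockfile(head_lock)
    return {name: ver for name, ver in head.items() if base.get(name) != ver}


def _semver(version: str) -> tuple:
    # Good enough for the plain dotted versions used here; no pre-release handling.
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, introduced: str, fixed: str = None) -> bool:
    """OSV-style range check: affected if introduced <= version < fixed."""
    v = _semver(version)
    if v < _semver(introduced):
        return False
    return fixed is None or v < _semver(fixed)


def scan(base_lock: dict, head_lock: dict, advisories: list, licenses: dict) -> list:
    """Findings for changed dependencies only: vulnerabilities of a blocking
    severity plus risky licenses, as (package, version, kind, detail) tuples."""
    findings = []
    for name, version in changed_dependencies(base_lock, head_lock).items():
        for adv in advisories:
            if adv["package"] != name or adv["severity"] not in BLOCKING_SEVERITIES:
                continue
            if is_affected(version, adv["introduced"], adv.get("fixed")):
                findings.append((name, version, "vulnerability", adv["id"]))
        if licenses.get(name) in RISKY_LICENSES:
            findings.append((name, version, "risky-license", licenses[name]))
    return findings


# Constructed sample input: the PR bumps sample-utils to a fixed version and
# adds old-parser, which pulls in a GPL-licensed transitive dependency.
BASE_LOCK = json.loads("""{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/pad-helper": {"version": "1.3.0"},
    "node_modules/sample-utils": {"version": "4.17.20"}
  }
}""")
HEAD_LOCK = json.loads("""{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "1.0.0"},
    "node_modules/pad-helper": {"version": "1.3.0"},
    "node_modules/sample-utils": {"version": "4.17.21"},
    "node_modules/old-parser": {"version": "2.0.0"},
    "node_modules/old-parser/node_modules/gpl-widget": {"version": "1.0.0"}
  }
}""")
ADVISORIES = [  # constructed records, fictitious ids
    {"id": "EXAMPLE-0001", "package": "sample-utils", "severity": "HIGH",
     "introduced": "0", "fixed": "4.17.21"},
    {"id": "EXAMPLE-0002", "package": "old-parser", "severity": "CRITICAL",
     "introduced": "1.0.0", "fixed": "2.1.0"},
    {"id": "EXAMPLE-0003", "package": "old-parser", "severity": "MODERATE",
     "introduced": "0"},
]
LICENSES = {"pad-helper": "MIT", "sample-utils": "MIT",
            "old-parser": "MIT", "gpl-widget": "GPL-3.0-only"}


def run_demo() -> list:
    return scan(BASE_LOCK, HEAD_LOCK, ADVISORIES, LICENSES)


if __name__ == "__main__":
    for pkg, ver, kind, detail in run_demo():
        print(f"{kind}: {pkg}@{ver} ({detail})")
```

Two things the output makes visible: the HIGH advisory on sample-utils produces no finding because the PR moves it to the fixed version, and the MODERATE advisory on old-parser is ignored, so only the CRITICAL one and the GPL-3.0-only transitive dependency are reported.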