Skip to content
/ tendency-for-dependency Public

Keep projects safe by scanning for vulnerable dependencies

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

radify/tendency-for-dependency

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
documentation/img
documentation/img
 
 
tmp
tmp
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package.json
package.json
 
 
repos.json.sample
repos.json.sample
 
 
t4d.js
t4d.js
 
 

Repository files navigation

Tendency for Dependency (T4D)

What is it?

T4D is a tool to help you keep your projects safe - you give it a list of repositories, and it scans them every 24 hours to see if any of the dependencies contains a known security vulnerability. Simple!

What languages are supported?

How it works

Rough workflow of T4D

Configuration

You need to supply T4D with a list of repositories that you want to scan for vulnerabilities. This is done in repos.json. A sample list, repos.json.sample, is supplied with this repository.

cp repos.json.sample repos.json
node t4d

SSH access

You should format it using your user name as the SSH user, for example I would use gavd:

[
	"[email protected]:radify/karma-es6-shim.git",
	"[email protected]:radify/supersecretproject.git",
	"[email protected]:radify/radiian.git"
]

TODO

  • Shrinkwrap scanning
  • Automatically find and install package.json if it's not in the root
  • Automatically find composer.lock if it's not in the root
  • Slack integration
  • Scheduling

About

Keep projects safe by scanning for vulnerable dependencies

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages