PoC for PHP application dependencies monitoring

markiewitch/security-monitor

Security Monitor

Your go-to for monitoring the security of your apps' dependencies.

Features

  • Connect to GitHub/GitLab with your personal token
  • Track projects your personal access token has access to
  • more coming, see todo list at the bottom

Project overview

On this page you can see the list of current vulnerabilities along with a historical chart of their number.

image

Setting up

Assuming that you have dory with SSL certs stored in ~/.dinghy/certs, HTTPS will work out of the box.

  1. If you don't have dory installed, add the following to the nginx container definition in docker-compose.yml:
     ports:
         - 10080:80
  2. Run make init

If you have dory, you can access the application on www.security.dev. If you don't, go to localhost:10080.

TODO list

  • GitHub/GitLab webhook support
  • running checks on schedule
  • API for e.g. Icinga
  • secure storage of VCS credentials
  • authentication - SensioLabs Connect is implemented, more to come
  • authorization
  • closer integration with GitHub APIs (Checks API maybe?)
  • list of packages installed per application with versions
  • list of applications using a given package
  • historical stats about vulnerable packages in project
