Security Hub

Bring your software development workflows to security


Vulnerable dependencies

Signals & Triggers

On vulnerability disclosed
If vulnerable package in use

Actions

  • Send a Slack notification
  • Send an email notification
  • POST to webhook

Details

Modern applications rely on a lot of external dependencies. They make it easy for developers to build software components faster. But relying on Open Source software also presents a security risk. New security vulnerabilities are published on a regular basis. Keeping track of them and knowing how to fix these vulnerabilities can sometimes be painful.

Sqreen centralizes the vulnerabilities published by many different security groups and newsletters. When this plugin is enabled, Sqreen will check the application's declared list of dependencies for packages with known vulnerabilities.

If a vulnerability is detected, Sqreen will suggest the version to update to.

Advanced details

When the application starts, Sqreen will retrieve the list of dependencies the application requires. It will send it to Sqreen’s backend, and the list will be compared with an internally maintained list of known vulnerabilities.

Every time a new vulnerability is disclosed, this plugin will look for vulnerabilities among your dependencies.
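The comparison described above, sketched as an added example (not Sqreen's code): a declared dependency list is matched against advisory version ranges and an upgrade target is suggested. The advisory records, package names, field names and function names are all constructed for illustration, and versions are assumed to be plain dotted numbers.

```python
# Added illustration: advisory ids, package names and versions below are
# constructed placeholders, not real advisories or Sqreen data.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "EXAMPLE-0002", "package": "examplelib", "introduced": "1.2.0", "fixed": "1.5.0"},
    {"id": "EXAMPLE-0003", "package": "examplelib", "introduced": "1.5.0", "fixed": "1.5.1"},
    {"id": "EXAMPLE-0004", "package": "otherlib", "introduced": "0", "fixed": "2.0.1"},
]


def parse_version(text, width=4):
    """'1.4' -> (1, 4, 0, 0). Assumes plain dotted numeric versions only."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def matching(name, version, advisories):
    """Advisories whose affected range [introduced, fixed) contains version."""
    v = parse_version(version)
    return [a for a in advisories
            if a["package"] == name
            and parse_version(a["introduced"]) <= v < parse_version(a["fixed"])]


def suggest_upgrade(name, version, advisories):
    """Lowest version at or above `version` that no advisory range covers."""
    candidate = version
    while True:
        hits = matching(name, candidate, advisories)
        if not hits:
            return candidate
        # A fix release can itself fall inside a later advisory's range, so
        # re-check it. Each pass moves strictly upward, so the loop terminates.
        candidate = max((a["fixed"] for a in hits), key=parse_version)


def audit(dependencies, advisories=ADVISORIES):
    """Map each affected package to its advisories and suggested version."""
    findings = {}
    for name, version in dependencies.items():
        hits = matching(name, version, advisories)
        if hits:
            findings[name] = {"installed": version,
                              "advisories": [a["id"] for a in hits],
                              "upgrade_to": suggest_upgrade(name, version, advisories)}
    return findings


if __name__ == "__main__":
    declared = {"examplelib": "1.3.0", "otherlib": "2.0.1", "safelib": "3.1.0"}
    for pkg, info in audit(declared).items():
        print(pkg, info)
```

Re-running `audit` over the same stored dependency list whenever a new advisory record is added corresponds to the "on vulnerability disclosed" trigger.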

Language support

  • Node.js
  • PHP
  • Ruby
  • Python
  • Java

Data collected by Sqreen

App dependencies

