About DepShield

Last updated: December 2024

What is DepShield?

DepShield is a vulnerability scanning tool that helps developers and security teams understand which dependency vulnerabilities actually matter. Instead of overwhelming you with every CVE, we prioritize based on real-world exploitation data.

The Problem

Modern applications have hundreds of dependencies. Running npm audit or similar tools often returns dozens of vulnerabilities. Most teams either:

  • Ignore the results because there are too many to address
  • Spend time on low-risk issues while missing critical ones
  • Apply updates blindly, potentially introducing breaking changes

Our Approach

We cross-reference vulnerability data with CISA's Known Exploited Vulnerabilities (KEV) catalog, which lists CVEs with confirmed exploitation in the wild. A vulnerability on this list represents an active threat, not just a theoretical risk. The reverse does not hold: KEV is a floor, not a ceiling. CISA adds an entry only once it has a CVE ID, reliable evidence of active exploitation and a clear remediation action, so a CVE absent from KEV may still be exploited, and many advisories for open source packages never receive a CVE at all. KEV-first ordering is a triage rule, not a reason to ignore everything else.

By surfacing KEV entries first, we help you focus on what attackers are actually exploiting rather than chasing every CVE.

Data Sources

  • OSV (Open Source Vulnerabilities) - A distributed vulnerability database for open source maintained by Google
  • CISA KEV - The Cybersecurity and Infrastructure Security Agency's catalog of known exploited vulnerabilities

Supported Ecosystems

  • npm - Node.js packages (package.json, package-lock.json)
  • pnpm - Fast, disk space efficient package manager (pnpm-lock.yaml)
  • bun - All-in-one JavaScript runtime (bun.lock)
  • Composer - PHP packages (composer.json, composer.lock)

More ecosystems coming soon: Python (requirements.txt), Go (go.mod), Ruby (Gemfile).
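The cross-reference described under "Our Approach" and "Data Sources", worked through as an added example that is not DepShield's own code: it reads the dependency list from an npm package-lock.json (lockfileVersion 3), builds the request body OSV's /v1/querybatch endpoint expects, joins each OSV record to the KEV catalog through the record's CVE aliases (OSV ids are usually GHSA-style, while KEV is keyed by CVE ID), and ranks findings KEV-first with known ransomware use as a tiebreaker. The data shapes follow the real formats, but the lockfile, OSV responses and KEV entries below are constructed stand-ins, and every package name, advisory id and CVE id in them is a placeholder, so it runs offline.

```python
"""Cross-reference npm lockfile dependencies with OSV records and the CISA KEV
catalog, then rank findings KEV-first. Added example; not DepShield's code.

Data shapes follow the real formats (npm lockfileVersion 3, OSV's
/v1/querybatch and /v1/vulns/{id} responses, the KEV JSON feed), but every
package, advisory id and CVE id below is a constructed placeholder.
"""
from __future__ import annotations
import json
from dataclasses import dataclass

# --- constructed inputs (stand-ins for the lockfile and API responses) -------
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},  # root project, not a dependency
        "node_modules/demo-parser": {"version": "2.3.1"},
        "node_modules/demo-utils": {"version": "0.9.0"},
        "node_modules/demo-utils/node_modules/@demo/inner": {"version": "1.1.0"},
    },
})

# What POST https://api.osv.dev/v1/querybatch would return for the three
# packages above, in query order. Batch results carry only ids; the full
# record (with aliases) comes from GET /v1/vulns/{id}, mocked in SAMPLE_OSV.
SAMPLE_BATCH = {"results": [
    {"vulns": [{"id": "GHSA-0000-0000-0001"}, {"id": "GHSA-0000-0000-0002"}]},
    {"vulns": [{"id": "GHSA-0000-0000-0003"}]},
    {},  # no known vulnerabilities for @demo/inner
]}
SAMPLE_OSV = {
    "GHSA-0000-0000-0001": {"id": "GHSA-0000-0000-0001", "aliases": ["CVE-2099-0001"],
                            "summary": "placeholder: prototype pollution"},
    "GHSA-0000-0000-0002": {"id": "GHSA-0000-0000-0002", "aliases": [],
                            "summary": "placeholder: advisory with no CVE"},
    "GHSA-0000-0000-0003": {"id": "GHSA-0000-0000-0003", "aliases": ["CVE-2099-0002"],
                            "summary": "placeholder: path traversal"},
}
# Subset of the KEV feed shape; only CVE-2099-0001 is "known exploited" here.
SAMPLE_KEV = {"vulnerabilities": [
    {"cveID": "CVE-2099-0001", "vendorProject": "demo", "product": "demo-parser",
     "dateAdded": "2099-01-02", "dueDate": "2099-01-23",
     "knownRansomwareCampaignUse": "Known"},
]}


def packages_from_lockfile(lock_json: str) -> list[tuple[str, str]]:
    """(name, version) pairs from an npm lockfile v2/v3 'packages' map.
    Keys look like node_modules/a/node_modules/@scope/b, so the package name is
    everything after the last 'node_modules/'; the "" key is the root project."""
    pkgs = []
    for key, meta in json.loads(lock_json).get("packages", {}).items():
        if key == "" or "version" not in meta:
            continue
        pkgs.append((key.rsplit("node_modules/", 1)[-1], meta["version"]))
    return pkgs


def osv_batch_request(pkgs: list[tuple[str, str]]) -> dict:
    """Request body for OSV's /v1/querybatch; results come back in this order."""
    return {"queries": [{"package": {"name": n, "ecosystem": "npm"}, "version": v}
                        for n, v in pkgs]}


@dataclass
class Finding:
    package: str
    version: str
    osv_id: str
    cves: list[str]    # CVE ids gathered from the OSV id and its aliases
    kev: dict | None   # matching KEV entry, if any


def cve_ids(record: dict) -> list[str]:
    """KEV is keyed by CVE id, while OSV ids are usually GHSA-/PYSEC-style, so
    the join must go through 'aliases' (the OSV id itself may also be a CVE)."""
    return sorted({a for a in [record["id"], *record.get("aliases", [])]
                   if a.startswith("CVE-")})


def tier(f: Finding) -> int:
    """0 = KEV with known ransomware use, 1 = KEV, 2 = not in KEV.
    Tier 2 means 'no confirmed exploitation on record', not 'safe'."""
    if f.kev is None:
        return 2
    return 0 if f.kev.get("knownRansomwareCampaignUse") == "Known" else 1


def prioritize(pkgs, batch: dict, osv_records: dict, kev_feed: dict) -> list[Finding]:
    by_cve = {v["cveID"]: v for v in kev_feed["vulnerabilities"]}
    findings = []
    for (name, version), result in zip(pkgs, batch["results"]):
        for ref in result.get("vulns", []):
            rec = osv_records[ref["id"]]
            cves = cve_ids(rec)
            hit = next((by_cve[c] for c in cves if c in by_cve), None)
            findings.append(Finding(name, version, rec["id"], cves, hit))
    return sorted(findings, key=lambda f: (tier(f), f.package, f.osv_id))


if __name__ == "__main__":
    pkgs = packages_from_lockfile(SAMPLE_LOCKFILE)
    for f in prioritize(pkgs, SAMPLE_BATCH, SAMPLE_OSV, SAMPLE_KEV):
        label = ["KEV (ransomware)", "KEV", "not in KEV"][tier(f)]
        print(f"{label:17} {f.package}@{f.version} {f.osv_id} {','.join(f.cves) or '-'}")
```

Two details matter in practice. OSV's batch endpoint returns one result per query in query order and only the vulnerability ids, so the aliases needed for the KEV join require a second lookup per id. And an OSV record with no CVE alias can never match KEV, which is why the ranking keeps such findings visible in the lowest tier rather than dropping them.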

For Compliance Teams

Security questionnaires and audits increasingly ask about vulnerability management processes. DepShield provides:

  • Evidence of risk-based vulnerability prioritization
  • Shareable reports for audit documentation
  • Integration with compliance frameworks (SOC 2, ISO 27001, FedRAMP)

Open Source

DepShield is open source. You can review our code, run it locally, or contribute improvements on GitHub.

Contact

Questions, feedback, or feature requests? Reach out at hello@depshield.dev or open an issue on GitHub.