Sonatype DepShield

Sonatype DepShield is a GitHub App used by developers to identify and remediate vulnerabilities in their open source dependencies.

Open source projects work diligently to fix disclosed vulnerabilities. Why shouldn't your project be powered with the knowledge of when and where these vulnerabilities exist and how to eradicate them?

Shield Your Project

DepShield will monitor your project's dependencies for publicly disclosed security vulnerabilities and alert you natively in GitHub when they are discovered.

Powered By OSS Index

Security vulnerability data is powered by Sonatype OSS Index, a free service used by developers to identify open source dependencies and determine whether they have any known, publicly disclosed vulnerabilities.

DepShield Generates GitHub Issues for Known Security Vulnerabilities
DepShield Identifies Where Transitive Dependencies with Vulnerabilities Exist in Your Project
DepShield Generates a Badge Which May Be Included in Your Readme
DepShield Supports Maven and npm Projects

Pricing and setup

Free Vulnerability Protection

Free continuous monitoring of public and private GitHub repositories.

Sonatype DepShield is provided by a third party and is governed by separate terms, privacy policy, and support documentation.