Patch-level verification for Bundler
-
Updated
Jul 16, 2026 - Ruby
Patch-level verification for Bundler
📦 Poor man's package manager. +4164 statically linked binaries in the default repos [automated build repos: Go[+34k], Rust[+7k]] (amd64/arm64/riscv)! The easy to use, easy to get, suckless software distribution system.
Go license and dependency checker
Go binary license checker. Extracts module usage information from binaries and analyses their licenses.
Want to test your applications using the latest OWASP security toolchains and the NIST National Vulnerability Database using Jenkins, Ansible and docker? 🐳 🛡️ 🔒
A bash template (BaT) designed to make script development and command line argument management more robust, easier to implement, and easier to maintain
Dependent Pull Requests Checker
Cross-ecosystem dependency maintenance auditor: flags unmaintained, archived, stale, and below-the-fix deps across the full transitive graph. Ruby gems natively; npm/pypi/cargo/go/maven/nuget via CycloneDX SBOM. Signals: activity, OpenSSF Scorecard, OSV advisories, libyear, poison-pill, runtime-ceiling. Outputs SARIF/JSON/CycloneDX with CI gates.
🔄 Managing NPM and Packagist dependencies of the added public Github and Bitbucket repository.
Are your gems alive? bunder-alive checks if gems in a RubyGem's Gemfile.lock are active.
Security scanner for AI-generated code
A Danger plugin to detect if there are any updates to your Swift Package Manager dependencies.
Automatically applies migrations, updates dependencies and opens a PR on new versions of NX
Free dependency vulnerability scanner — scans full transitive tree for CVEs. Supports npm, PyPI, Maven. No signup.
OWASP DependencyCheck Cake Package
PyDoctor is a CLI tool that diagnoses Python development environments — detecting dependency conflicts, vulnerabilities, unused packages, outdated libraries, and environment issues.
Declared, directional dependency provenance for a markdown rule/prompt/spec library — which file owns a concept (SOURCE), which cite it. Not similarity, not backlinks. Change a SOURCE → it names the dependents to re-check; --check fails CI on dangling links. One file, no deps.
DevSecOps in Practice - The Companion Toolkit
🧟 CLI tool to detect abandoned & unmaintained dependencies in package.json and requirements.txt - find software rot before it becomes a security risk
Add a description, image, and links to the dependency-checker topic page so that developers can more easily learn about it.
To associate your repository with the dependency-checker topic, visit your repo's landing page and select "manage topics."