One self-contained image runs the entire platform — web console, SCA, SAST across 24 languages, secrets, container, IaC, and signing. The Node runtime, the Python analyzers, and the JDK + Maven used for dependency resolution are all baked in. No external services to wire up. One command on a fresh Linux host:
Installs Docker if needed, pulls the all-in-one image, generates an admin + signing key, and brings the console up on :8080. Add --onprem for the PostgreSQL + TLS production stack.
All-in-one image
ghcr.io/dpndncy/server — the whole platform in one OCI image: console, every scan engine, the Python SAST analyzers, and JDK + Maven for dependency resolution. Docker, Podman, or any OCI runtime. Multi-arch.
One-line installer
curl -fsSL https://get.dpndncy.com | bash — installs Docker if missing, pulls the image, generates secrets + admin, and starts the console. Add --onprem for the Postgres + TLS stack.
Helm chart for Kubernetes
Production-ready chart with optional Postgres backend, ingress, and OIDC config.
Prebuilt VM image
Golden cloud / hypervisor image (AMI · OVA · qcow2) built from the same all-in-one image via Packer. Boots straight into a running console — ideal for air-gapped and VM-only environments.
VS Code extension (.vsix)
Inline scan-on-save with diagnostics on package.json, requirements.txt, pom.xml, and more.
dpndncy-verify (offline)
Single static Linux binary — no network calls, no dependencies. Verifies any DSSE-signed in-toto Statement with a public key.