dpndncY
Download
Ships everywhere
your security team works.

One self-contained image runs the entire platform — web console, SCA, SAST across 24 languages, secrets, container, IaC, and signing. The Node runtime, the Python analyzers, and the JDK + Maven used for dependency resolution are all baked in. No external services to wire up. One command on a fresh Linux host:

$ curl -fsSL https://get.dpndncy.com | bash

Installs Docker if needed, pulls the all-in-one image, generates an admin + signing key, and brings the console up on :8080. Add --onprem for the PostgreSQL + TLS production stack.

All-in-one image

ghcr.io/dpndncy/server — the whole platform in one OCI image: console, every scan engine, the Python SAST analyzers, and JDK + Maven for dependency resolution. Docker, Podman, or any OCI runtime. Multi-arch.

OCI · amd64 + arm64 · self-contained

One-line installer

curl -fsSL https://get.dpndncy.com | bash — installs Docker if missing, pulls the image, generates secrets + admin, and starts the console. Add --onprem for the Postgres + TLS stack.

Fresh Linux host → running in minutes

Helm chart for Kubernetes

Production-ready chart with optional Postgres backend, ingress, and OIDC config.

Helm 3

Prebuilt VM image

Golden cloud / hypervisor image (AMI · OVA · qcow2) built from the same all-in-one image via Packer. Boots straight into a running console — ideal for air-gapped and VM-only environments.

AMI · OVA · qcow2

VS Code extension (.vsix)

Inline scan-on-save with diagnostics on package.json, requirements.txt, pom.xml, and more.

.vsix · PAT auth

dpndncy-verify (offline)

Single static Linux binary — no network calls, no dependencies. Verifies any DSSE-signed in-toto Statement with a public key.

Static · amd64 + arm64