Use a project path, repository URL, manifest upload, or zip upload. dpndncY correlates the results automatically.
01
Scan
Map dependencies
Start with a project scan, GitHub repo scan, manifest upload, zip upload, or container image (tarball or registry). dpndncY resolves direct and transitive dependencies.
02
Enrich
Correlate risk data
Vulnerability data (OSV / NVD / GHSA), CVSS, EPSS, CISA KEV, license metadata, and exploitability context are merged into each finding.
03
Decide
Enforce policy gates
Security policies produce a clear PASS or FAIL verdict with explicit violation reasons for severity, CVSS, exploitability, and license posture.
04
Monitor
Watch for drift
Review scan history and re-run scans to track drift in risk, remediation progress, and policy outcome across projects.
Ready to secure your supply chain?
Get full dependency visibility, vulnerability intelligence, and policy enforcement for your organization.