dpndncY
Integrations

The Dependency Firewall, plumbed into every part of your workflow

The firewall enforces at install time via package-manager registry proxies (in active build-out for npm, PyPI, Maven, NuGet, RubyGems, Cargo, Go). Around it: native GitHub / GitLab / Bitbucket SCM, VS Code, native Slack / Teams / Discord notifications, Jira / Linear ticketing, full SSO/SAML/OIDC, CI/CD via API tokens, and a CLI you can drop into any pipeline.

Registry-proxy enforcement
npm / PyPI / Maven / NuGet / RubyGems / Cargo / Go
Pre-install enforcement · Sub-second decision · Signed JWS evidence
Point your package manager configuration at the dpndncY firewall and every install request is evaluated before the package lands on disk. The same multi-signal decisioning (KEV, EPSS, ExploitDB, reachability, license obligations, trust-delta) is applied at install time, not after.
Configure once via .npmrc, pip.conf, settings.xml, NuGet.Config, or env vars
Three rollout modes: Enforce, Soak / monitor-only, Review
Sub-second decisions on cache hits (P95 < 100ms target)
Bypass requires signed waiver, expiring token, or human approver — bypass attempts audited
Trust-delta gating catches typosquats and package takeovers that absolute thresholds miss
Every decision carries a JWS attestation, verifiable offline with the dpndncY public key
Air-gapped deployments fully supported — the proxy lives on-prem
GitHub & GitLab
GitHub
Source Control & Remediation
Connect your GitHub account to monitor repositories and automatically open remediation pull requests with patched dependency manifests.
Browse and import repositories for continuous monitoring
Auto-create remediation PRs targeting the default branch
Supports GitHub.com and self-hosted GitHub Enterprise
GHSA advisory enrichment via GitHub token
GitLab
Source Control & Remediation
Monitor GitLab projects and automatically create merge requests when vulnerabilities are detected and patches are available.
Import projects from GitLab for scheduled scanning
Auto-create remediation merge requests
Supports GitLab.com and self-hosted GitLab CE/EE
Authenticate per-project with personal access tokens
VS Code Extension
VS Code
IDE Extension
Get inline vulnerability warnings directly in your editor as you work on manifest files. Powered by your dpndncY server instance.
Inline diagnostics on package.json, requirements.txt, pom.xml, and more
Scan on save or on open — configurable debounce
Severity filter: show only High/Critical if needed
Connects via Personal API Token to your self-hosted server
Download the .vsix directly from your dpndncY instance
Slack, Teams, Discord, Jira, Linear & Webhooks
Slack, Microsoft Teams & Discord
Native notifications
Native formatting per platform — auto-detected by webhook hostname. Slack gets Block Kit, Teams gets Adaptive Cards, Discord gets rich embeds, anything else gets a generic JSON payload. No app installation; just paste the webhook URL.
Slack: Block Kit with severity-coded sections and rationale text
Microsoft Teams: Adaptive Card with action buttons
Discord: rich embed with severity color and metadata
Generic JSON webhook for PagerDuty, Opsgenie, custom endpoints
Triggers: new findings, policy failures, firewall blocks, scan completion
Jira & Linear
Ticketing
Auto-create tickets from findings or firewall blocks with severity, evidence bundle, and remediation guidance attached. Round-trip status updates back to dpndncY so you can see ticket state inline with the finding.
Native Jira API client — cloud and self-hosted Data Center
Native Linear API client
Configurable per-tenant: project key, issue type, default assignee
Bulk-create tickets from a filtered finding view
Two-way sync — close the finding when the ticket closes
SSO, CI/CD & API Access
SSO / OIDC
Enterprise Authentication
Connect any OpenID Connect-compatible identity provider for single sign-on. Users authenticate with their corporate identity.
Okta, Azure AD / Entra ID, Google Workspace, Keycloak, Auth0
PKCE flow with state and nonce validation
Auto-provisions users on first login
Configured via environment variables — no code changes
CI/CD & API
Automation
Use Personal API Tokens to authenticate from any CI/CD pipeline — GitHub Actions, GitLab CI, Jenkins, CircleCI, or custom scripts.
Generate long-lived tokens from the Profile page
Bearer token auth on all scan and export endpoints
Enforce policy gates: pass or fail builds based on the PASS/FAIL verdict
Export SARIF, CycloneDX SBOM, and PDF reports via API
Four steps to connect any integration
1. Deploy dpndncY

Run the server on your own infrastructure. All scan data stays within your environment — nothing is sent to the cloud.

2. Generate a token

Create a Personal API Token from the Profile page. Use it in VS Code, CI pipelines, or to connect GitHub and GitLab.

3. Configure in settings

Set webhook URLs, notification emails, OIDC credentials, or SMTP details in the platform settings or via environment variables.

4. Scan & automate

Trigger scans manually, from VS Code, or on a schedule. Get alerts when risk changes between scans.

Plug in. Block at install time.

The Dependency Firewall sits in the workflow you already have — package managers, SCM, IDE, CI/CD, ticketing, chat. Pre-install enforcement with signed evidence, no workflow rewrite required.