Fast Dependency Vulnerability Scanner — Scan your project dependencies against the OSV.dev database and catch CVEs before they reach production.
- 6 manifest formats: Cargo.lock, package.json, package-lock.json, requirements.txt, Pipfile.lock, pom.xml
- OSV.dev integration: Queries the public OSV vulnerability database in real-time
- 3 output formats: human-readable text, structured JSON, compact summary
- CI-ready exit codes: 0 = clean, 1 = low, 2 = medium+, 3 = error
- Configurable thresholds:
--min-severityand--fail-onfor policy enforcement - Auto-detect: scans common manifests in the current directory
git clone https://github.com/AFS-Agentics/dep-vigil.git
cd dep-vigil
cargo build --release
cp target/release/dep-vigil /usr/local/bin/cargo install dep-vigildep-vigildep-vigil --manifest Cargo.lock
dep-vigil --manifest package.json
dep-vigil --manifest requirements.txtdep-vigil --format text # default — human-readable table
dep-vigil --format json # structured JSON for CI tooling
dep-vigil --format summary # compact count-only outputdep-vigil --min-severity high # only report HIGH and CRITICAL
dep-vigil --fail-on medium # exit code 2 if any MEDIUM+ vulnsdep-vigil --output report.json --format json| Code | Meaning |
|---|---|
| 0 | No vulnerabilities found |
| 1 | Vulnerabilities below --fail-on threshold |
| 2 | Vulnerabilities at/above --fail-on threshold |
| 3 | Scan error (unparseable manifest, network error) |
| Format | File | Status |
|---|---|---|
| Rust | Cargo.lock |
✅ |
| Node.js (npm v7+) | package-lock.json |
✅ |
| Node.js | package.json |
✅ |
| Python (pip) | requirements.txt |
✅ |
| Python (Pipenv) | Pipfile.lock |
✅ |
| Java (Maven) | pom.xml |
✅ |
$ dep-vigil --manifest Cargo.lock
dep-vigil — Dependency Vulnerability Scanner
Scanning Cargo.lock...
┌───────────────┬─────────┬────────────┬──────────┐
│ Package │ Version │ CVE │ Severity │
├───────────────┼─────────┼────────────┼──────────┤
│ tokio │ 1.35.0 │ CVE-2024-… │ HIGH │
│ serde │ 1.0.0 │ CVE-2023-… │ MEDIUM │
│ smallvec │ 1.11.0 │ CVE-2024-… │ LOW │
└───────────────┴─────────┴────────────┴──────────┘
Found 3 vulnerabilities (1 HIGH, 1 MEDIUM, 1 LOW)MIT — see LICENSE
