Skip to content

AFS-Agentics/dep-vigil

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

dep-vigil

dep-vigil

Fast Dependency Vulnerability Scanner — Scan your project dependencies against the OSV.dev database and catch CVEs before they reach production.

Crates.io License: MIT


Features

  • 6 manifest formats: Cargo.lock, package.json, package-lock.json, requirements.txt, Pipfile.lock, pom.xml
  • OSV.dev integration: Queries the public OSV vulnerability database in real-time
  • 3 output formats: human-readable text, structured JSON, compact summary
  • CI-ready exit codes: 0 = clean, 1 = low, 2 = medium+, 3 = error
  • Configurable thresholds: --min-severity and --fail-on for policy enforcement
  • Auto-detect: scans common manifests in the current directory

Installation

From source

git clone https://github.com/AFS-Agentics/dep-vigil.git
cd dep-vigil
cargo build --release
cp target/release/dep-vigil /usr/local/bin/

Via Cargo (once published)

cargo install dep-vigil

Usage

Basic scan (auto-detect manifest)

dep-vigil

Scan a specific manifest

dep-vigil --manifest Cargo.lock
dep-vigil --manifest package.json
dep-vigil --manifest requirements.txt

Output formats

dep-vigil --format text      # default — human-readable table
dep-vigil --format json      # structured JSON for CI tooling
dep-vigil --format summary   # compact count-only output

Filter by severity

dep-vigil --min-severity high     # only report HIGH and CRITICAL
dep-vigil --fail-on medium        # exit code 2 if any MEDIUM+ vulns

Write output to file

dep-vigil --output report.json --format json

Exit codes

Code Meaning
0 No vulnerabilities found
1 Vulnerabilities below --fail-on threshold
2 Vulnerabilities at/above --fail-on threshold
3 Scan error (unparseable manifest, network error)

Supported Manifest Formats

Format File Status
Rust Cargo.lock
Node.js (npm v7+) package-lock.json
Node.js package.json
Python (pip) requirements.txt
Python (Pipenv) Pipfile.lock
Java (Maven) pom.xml

Example

$ dep-vigil --manifest Cargo.lock

 dep-vigil — Dependency Vulnerability Scanner

 Scanning Cargo.lock...

┌───────────────┬─────────┬────────────┬──────────┐
│ Package       │ Version │ CVE        │ Severity │
├───────────────┼─────────┼────────────┼──────────┤
│ tokio         │ 1.35.0  │ CVE-2024-… │ HIGH     │
│ serde         │ 1.0.0   │ CVE-2023-… │ MEDIUM   │
│ smallvec      │ 1.11.0  │ CVE-2024-… │ LOW      │
└───────────────┴─────────┴────────────┴──────────┘

 Found 3 vulnerabilities (1 HIGH, 1 MEDIUM, 1 LOW)

License

MIT — see LICENSE

About

Fast dependency vulnerability scanner — scans Cargo.lock, package.json, requirements.txt, pom.xml against the OSV.dev API for known CVEs

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages