If you maintain real services, "we have Dependabot" is not the whole story. You still end up bouncing between PR noise, registries, advisories, and spreadsheets when you want a single place to answer: what is exposed right now, how bad is it, and what should we do next?
That gap is what we're building toward with FixBeacon — a dependency and vulnerability dashboard tied to the repositories you care about.
What you can try today
The app lives here: https://app.fixbeacon.dev/
In the current experience you can:
- Connect GitHub (and work with Azure DevOps flows where enabled in the product).
- Add repositories to a workspace and run scans from the dashboard.
- See severity breakdowns, installed packages (with vulnerable packages highlighted), and trend views over time.
- Open a detail panel for a finding with identifiers, ecosystem context, and update-oriented guidance when the data supports it (target version, notes links, and similar signals).
- Browse a public intelligence feed with ecosystem filters (for example NuGet and npm).
The marketing site (positioning + updates) stays on https://fixbeacon.dev/.
Why I'm posting this on DEV
This is early software. The useful feedback is rarely "looks nice" — it's specifics:
- Which workflow broke first (connect, add repo, scan, navigation)?
- Which signal is missing (ecosystem, SBOM import, CI, policy, noise controls)?
- Which explanation would have saved you 20 minutes?
If you try it on a repo you actually ship, tell me what felt misleading, slow, or incomplete. That kind of note changes the roadmap faster than any internal brainstorm.
A small ask
If this resonates, try the app and leave a comment here with:
- your ecosystem (npm / NuGet / polyglot),
- the first screen that confused you (if any),
- the one metric or export you'd need to recommend it to a teammate.
Thanks for reading — and for any time you spend kicking the tires.
Disclaimer: I'm building FixBeacon. Links: fixbeacon.dev · app.fixbeacon.dev