What it does
Dependency Advisory Monitor checks your project's dependencies -- npm, PyPI, Maven, Go, and more -- against OSV.dev and the GitHub Advisory Database for known vulnerabilities. Pass a package list or manifest and it returns the advisories that affect you, with severity and affected version ranges. It's CI/CD-ready and needs no login.
Who it's for
Engineering and security teams that want a lightweight, schedulable vulnerability check across multiple ecosystems without standing up a full SCA platform.
Sample fields / output
- Package name and ecosystem
- Installed version
- Advisory / CVE ID
- Severity
- Affected version ranges
- Fixed version
- Summary
- Advisory URL and source (OSV / GitHub)
Example use cases
- Run a dependency vulnerability gate in CI/CD on every build.
- Audit a polyglot monorepo across npm, PyPI, Maven and Go in one pass.
- Schedule a daily scan and alert on newly disclosed advisories.
-> Run Dependency Advisory Monitor on Apify
FAQ
Which ecosystems are supported?
npm, PyPI, Maven, Go and more, via OSV.dev and the GitHub Advisory Database.
Can I run it in CI?
Yes -- it's CI/CD-ready and needs no login.
What does each result include?
Advisory/CVE ID, severity, affected and fixed versions, and a link to the source advisory.