Hey Dev.To community! 👋
I've just launched a new open-source project that might be of interest to those building CI/CD pipelines or managing internal security tooling: Ephemeral Vulnerability Scanner.
This is a 100% client-side application built with vanilla JS/HTML/CSS. You clone it, open index.html, upload your system inventory (inventory.json), and get an instant, privacy-safe vulnerability report.
💡 Why this architecture?
- It addresses the privacy concern: no sensitive system data leaves your device.
- It's fast and eliminates backend maintenance overhead.
- It's transparent: you can literally inspect the app.js source to see the entire logic.
Under the Hood:
- We use platform-specific commands (PowerShell, dpkg, rpm, brew) to generate the initial JSON inventory.
- The analysis logic queries the MSRC CSAF API (Windows), the OSV.dev API (open source), and the CISA KEV catalog for a strict, verified lookup.
- Results are grouped into clean, actionable "Package Cards" with the minimum safe version calculated automatically.
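
One way the "minimum safe version" on a Package Card could be derived from OSV-style advisory records and a KEV id list. This is an added example, not code from the project's app.js. The function names (cmp, fixFor, ranges, minSafeVersion, packageCard) and the sample data are hypothetical. It assumes plain dotted numeric versions and OSV ranges built from "introduced"/"fixed" events, and it makes no network calls.

```javascript
// Added example: hypothetical names, constructed data; not the project's app.js.
// Compare dotted numeric versions; returns a negative, zero or positive number.
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}
// OSV range check. Returns undefined if `version` is not affected, the closing
// "fixed" version if it is, or null if it is affected and no fix is listed.
function fixFor(version, events) {
  const key = e => e.introduced ?? e.fixed;
  const sorted = events.filter(e => key(e) !== undefined).sort((a, b) => cmp(key(a), key(b)));
  let affected = false;
  for (const e of sorted) {
    if (e.introduced !== undefined) {
      if (cmp(version, e.introduced) >= 0) affected = true;
    } else if (cmp(version, e.fixed) >= 0) affected = false;
    else if (affected) return e.fixed;
  }
  return affected ? null : undefined;
}
// Version ranges (non-GIT) that an advisory declares for the named package.
const ranges = (vuln, name) => (vuln.affected || [])
  .filter(a => a.package && a.package.name === name)
  .flatMap(a => (a.ranges || []).filter(r => r.type !== 'GIT'));
// Keep upgrading until the candidate version is outside every advisory's range.
function minSafeVersion(pkg, vulns) {
  let v = pkg.version, moved = true;
  while (moved) {
    moved = false;
    for (const r of vulns.flatMap(x => ranges(x, pkg.name))) {
      const fix = fixFor(v, r.events);
      if (fix === null) return null; // affected and no fixed release known
      if (fix !== undefined) { v = fix; moved = true; }
    }
  }
  return v;
}
function packageCard(pkg, vulns, kevIds) {
  const hits = vulns.filter(x => ranges(x, pkg.name).some(r => fixFor(pkg.version, r.events) !== undefined));
  const knownExploited = hits.some(x => [x.id, ...(x.aliases || [])].some(id => kevIds.has(id)));
  return { name: pkg.name, installed: pkg.version, ids: hits.map(x => x.id), knownExploited, minSafeVersion: minSafeVersion(pkg, vulns) };
}
// Constructed sample data (placeholder ids, not real advisories).
const adv = (id, cve, introduced, fixed) => ({ id, aliases: [cve],
  affected: [{ package: { name: 'demo-lib' }, ranges: [{ type: 'SEMVER', events: [{ introduced }, { fixed }] }] }] });
const sampleVulns = [adv('EXAMPLE-1', 'CVE-0000-0001', '0', '1.2.5'), adv('EXAMPLE-2', 'CVE-0000-0002', '1.2.4', '1.3.1')];
const sampleKev = new Set(['CVE-0000-0001']);
console.log(packageCard({ name: 'demo-lib', version: '1.2.3' }, sampleVulns, sampleKev));
```

In the sample, only EXAMPLE-1 affects the installed 1.2.3, but its fix (1.2.5) falls inside EXAMPLE-2's range, so the reported minimum safe version has to be 1.3.1 rather than the first fix found.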
Check out the repo, try the demo, and let me know what you think of the client-side approach for security analysis!
🔗 Live Demo: VulnScan