| Hey Hacker News, I’m Dawood, creator of Vulert. We’ve just released Vulert 2.0, a platform designed to monitor open-source dependencies for security vulnerabilities, ensure license compliance, and recommend fixes—without requiring access to your codebase or installation. ----------
----------
What's New in 2.0: License Compliance: Automatically checks if your open-source dependencies comply with legal requirements, helping you avoid costly legal issues. Docker Container Security: New insights into risks in container images, with actionable recommendations for improving security. AI-Enhanced Vulnerability Scanning: Vulert Code Guard (coming soon) uses AI to detect if your app is actively using vulnerable functions from open-source libraries, helping you focus on real threats. SBOM Export & Reports: Export your app dependencies as SBOMs, and generate vulnerability reports in PDF format. Application Manager: Configure settings, and integrate with Jira to auto-create issues when vulnerabilities are found. ----------
----------
Why Vulert? Open-Source Growth, Increasing Risks: With the average organization using 1,700 open-source tools, the risk of vulnerabilities is skyrocketing. Targeted Attacks on Open-Source: Attackers are increasingly exploiting open-source components, and traditional security tools often miss the mark. Lack of Effective Solutions: Most existing tools are integration-heavy, require full access to your codebase, or are expensive. Vulert provides a lightweight, cost-effective solution. ----------
----------
Vulert’s Approach: Privacy-First: No need to inspect your code. Just upload your open-source list (e.g., package-lock.json). Proactive: Receive alerts for new vulnerabilities as soon as they’re reported. Affordable: Pay only for the modules you need, starting at $10/month per application. ----------
----------
How It Works: Continuous Monitoring: Stay up-to-date with security advisories across all your dependencies. Real-Time Alerts: Get notifications about new vulnerabilities or threats in your dependencies. Fast Response: If a critical vulnerability is detected, you’ll get an immediate alert. ----------
----------
Key Features: Interactive Dashboard: See your app's security health at a glance. CI/CD Integration: Automatically catch vulnerabilities during development. SIEM Integration: Works with tools like Splunk for continuous monitoring. ----------
----------
Modules Available: Open Source (SCA): Monitors for vulnerabilities in your open-source dependencies. License Compliance: Checks your dependencies for license issues and legal risks. Container Security: Analyzes container images for security issues. SBOM Export: Generates CycloneDX-formatted SBOMs for security and compliance. Code Guard (Coming Soon): AI-powered tool to identify vulnerable functions in your app code. ----------
----------
Try our Vulert Playground to test your app’s security with no sign-up required. Upload your manifest file and get a risk assessment. Useful Links: Vulert Demo Dashboard: https://vulert.com/demo-login?demo=true
Vulert Playground: https://vulert.com/abom
Vulert Vulnerability Database: https://vulert.com/vuln-db
Vulert Blog: https://vulert.com/blog ----------
----------
Join the Open-Source Security Movement:
We’re looking for feedback on Vulert 2.0. Feel free to ask questions, suggest improvements, or share your thoughts on how we can help make open-source software more secure. |
I submitted a package-lock.json file to the playground and got a vulnerability report after processing. The sort order next to the pie chart is weird. Medium / High / Critical / Low. I'd expect Critical / High / Medium / Low?
The vuln report ended up in my email spam folder.
I had to hit 'resend' multiple times to receive the verification email. Once I did, I had to either create a new account or login. I don't yet have a password. When I tried to create an account, it said my email was already taken. This onboarding flow seems quite janky.
Is Vulert Open Source software? I couldn't find any links or repos. What does "Join the Open-Source Security Movement" mean in this context?