Security Hub

Bring your software development workflows to security


Vulnerable dependencies

Signals & Triggers

On vulnerability disclosed
If vulnerable package in use

Actions

  • Send a Slack notification
  • Send an email notification
  • POST to webhook

Details

Modern applications rely on a lot of external dependencies. They make it easy for developers to build software components faster. But relying on Open Source software also presents a security risk. New security vulnerabilities are published on a regular basis. Keeping track of them and knowing how to fix these vulnerabilities can sometimes be painful.

Sqreen centralizes all the published vulnerabilities from a lot of different security groups and newsletters. When this plugin is enabled, Sqreen will check the application's declared list of dependencies for packages with known vulnerabilities.

If a vulnerability is detected, Sqreen will suggest the version to update to.

Advanced details

When the application starts, Sqreen will retrieve the list of dependencies the application requires. It will send it to Sqreen’s backend, and the list will be compared with an internally maintained list of known vulnerabilities.

Every time a new vulnerability is disclosed, this plugin will look for vulnerabilities among your dependencies.
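The two checks described above (at application start and on each new disclosure) can be sketched as follows. This is an added example, not Sqreen's code: the advisory record layout, the function names and the sample packages are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

def parse_version(text):
    """'1.10.0' -> (1, 10, 0), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass(frozen=True)
class Advisory:
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first patched version; also the suggested upgrade
    summary: str

    def affects(self, version):
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)

def parse_dependencies(lines):
    """Parse pinned 'name==version' lines; return (inventory, unpinned entries)."""
    inventory, unpinned = {}, []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        name, sep, version = line.partition("==")
        if sep and version.strip():
            inventory[name.strip().lower()] = version.strip()
        else:
            unpinned.append(line)  # no exact version: cannot be range-matched
    return inventory, unpinned

def find_vulnerable(inventory, advisories):
    """Return (package, installed, suggested_version, summary) per match."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv.package)
        if installed is not None and adv.affects(installed):
            findings.append((adv.package, installed, adv.fixed, adv.summary))
    return findings

# Constructed sample data: not real packages or advisories.
DECLARED = ["examplelib==1.2.3", "otherlib==1.10.0  # pinned", "", "loosedep>=2"]
KNOWN = [
    Advisory("examplelib", "1.0.0", "1.2.5", "constructed advisory A"),
    Advisory("otherlib", "1.0.0", "1.2.5", "constructed advisory B"),
]

if __name__ == "__main__":
    inventory, unpinned = parse_dependencies(DECLARED)   # startup check
    print(find_vulnerable(inventory, KNOWN), unpinned)
    new = Advisory("otherlib", "1.9.0", "1.10.1", "constructed advisory C")
    print(find_vulnerable(inventory, [new]))             # disclosure check
```

Entries without an exact version are returned separately because they cannot be matched against an affected range and need a resolved lockfile instead.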

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

App dependencies


Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

Node.js

$ npm install --save sqreen
$ echo '{ "token": "your token" }' > sqreen.json

// This should be the first line of your app
require('sqreen');

Ruby

$ echo "gem 'sqreen'" >> Gemfile
$ bundle install
$ echo "token: your token" >> config/sqreen.yml

PHP

$ curl -s https://8dc0b36f0ea6f2f21b721765e10a7e02768cd1825b4551f4:@packagecloud.io/install/repositories/sqreen/sqreen/script.deb.sh | bash
$ apt-get install --no-install-recommends sqreen-agent sqreen-php-extension
$ /usr/lib/sqreen/sqreen-installer config {your token}

Python

$ pip install sqreen
$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

# Insert at the top of your app file (typically wsgi.py or app.py)
import sqreen
sqreen.start()

Java

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

// Next, edit the JVM startup file:
-javaagent:/path/to/sqreen-latest-all.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required