- No access to your code is requested. You can update your dependencies manually by uploading your Gemfile.lock or automatically using a git post-commit hook (Octotrack provides a simple script to install).
- Analyse dependency relationships. Understand the connections between your dependencies and how much you rely on each of them.
- Daily notifications of vulnerabilities and dependencies updates. Octotrack works for you while you sleep 😴 so you never have to wake up in the middle of the night because of a security issue.
The project overview allows quick identification of CVEs, dependency update status and immediate actions.
Invite your team to join a specific project and keep them updated on new releases and security vulnerabilities.
Easily share with anyone a PDF summarising the vulnerabilities affecting your project and get feedback.
ruby-saml prior to version 1.7.0 is vulnerable to an authentication bypass via incorrect XML canonicalization and DOM traversal. Specifically, there are inconsistencies in handling of comments within XML nodes, resulting in incorrect parsing of the inner text of XML nodes such that any inner text...
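To illustrate the parsing discrepancy behind this ruby-saml entry, here is an added Ruby example (not code from the page or from ruby-saml): it shows how a comment inside a NameID makes a first-text-node read differ from the node's full text, plus a check that flags such nodes. The NameID sample is constructed, and the use of REXML and the helper names are this example's own assumptions.

```ruby
require "rexml/document"

# Constructed sample (not from the original page): a NameID whose
# text content is split in two by an XML comment.
SAMPLE_NAMEID = <<~XML
  <NameID>alice@example.com<!-- c -->.attacker.example</NameID>
XML

# Naive extraction: REXML's Element#text returns only the FIRST text
# child, so everything after the comment is silently dropped.
def naive_name_id(xml)
  REXML::Document.new(xml).root.text
end

# Extraction matching canonical form: canonicalisation strips comments,
# so the value that was actually signed is the concatenation of every
# text child, not just the first one.
def full_name_id(xml)
  REXML::Document.new(xml).root.texts.map(&:value).join
end

# Detection: a NameID with comment children is a red flag and can be
# rejected outright rather than interpreted either way.
def name_id_has_comment?(xml)
  REXML::Document.new(xml).root.children.any? { |c| c.is_a?(REXML::Comment) }
end

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{naive_name_id(SAMPLE_NAMEID)}"
  puts "full:  #{full_name_id(SAMPLE_NAMEID)}"
  puts "comment present: #{name_id_has_comment?(SAMPLE_NAMEID)}"
end
```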
Stored XSS on the OAuth Client's name will cause users being prompted for consent via the "implicit" grant type to execute the XSS payload. The XSS attack could gain access to the user's active session, resulting in account compromise. Any user is susceptible if they click the authorization lin...