- No access to your code is requested. You can update your dependencies manually by uploading your Gemfile.lock or automatically using a git post-commit hook (Octotrack provides a simple script to install).
- Analyse dependency relationships. Understand the connections between your dependencies and how much you rely on each of them.
- Daily notifications of vulnerabilities and dependency updates. Octotrack works for you while you sleep 😴 so you never have to wake up in the middle of the night because of a security issue.
The project overview allows quick identification of CVEs, dependency update status and immediate actions.
Invite your team to join a specific project and keep them updated on new releases and security vulnerabilities.
Easily share a PDF summarising the vulnerabilities affecting your project with anyone and get feedback.
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis via the use of the Marshal serializer.
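As an added illustration (not Octotrack's own code), the Ruby sketch below matches the resolved versions in a Gemfile.lock against the affected ranges of the two advisories above. The function names and the sample lockfile are constructed for this example.

```ruby
# Affected ranges exactly as stated in the two advisories on this page.
ADVISORIES = {
  "yard"        => { affected: Gem::Requirement.new("< 0.9.11"),
                     issue: "directory traversal in lib/yard/core_ext/file.rb" },
  "redis-store" => { affected: Gem::Requirement.new("<= 1.3.0"),
                     issue: "unsafe object loading via the Marshal serializer" }
}.freeze

# Constructed sample lockfile: redis-store is in range, yard is the first fixed release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rake (12.3.0)
      redis (4.0.1)
      redis-store (1.3.0)
        redis (>= 2.2)
      yard (0.9.11)

  DEPENDENCIES
    redis-store
    yard
LOCK

# Returns { name => Gem::Version } for resolved specs only (4-space entries under "specs:").
def locked_versions(lockfile_text)
  in_specs = false
  lockfile_text.each_line(chomp: true).each_with_object({}) do |line, found|
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-java" before parsing the version.
      found[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
end

# Returns one finding per locked gem whose version falls inside an affected range.
def vulnerable_gems(lockfile_text)
  locked_versions(lockfile_text).each_with_object([]) do |(name, version), hits|
    adv = ADVISORIES[name]
    next unless adv && adv[:affected].satisfied_by?(version)
    hits << { gem: name, version: version.to_s, issue: adv[:issue] }
  end
end

vulnerable_gems(SAMPLE_LOCK).each { |f| puts "#{f[:gem]} #{f[:version]}: #{f[:issue]}" }
```

Matching on the resolved `specs:` entries rather than the `DEPENDENCIES` section also catches affected gems that are only pulled in transitively.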