- No access to your code is requested. You can update your dependencies manually by uploading your Gemfile.lock or automatically using a git post-commit hook (Octotrack provides a simple script to install).
- Analyse dependencies relationships. Understand the connections between your dependencies and how much you rely on each of them.
- Daily notifications of vulnerabilities and dependencies updates. Octotrack works for you while you sleep 😴 so you never have to wake up in the middle of the night because of a security issue.
The project overview allows quick identification of CVE's, dependencies update status and immediate actions.
Invite your team to join a specific project and keep them updated of new releases and security vulnerabilities.
Easily share with anyone a PDF summarising the vulnerabilities affecting your project and get feedback.
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address by the subsequent resolution is...