The idea behind VersionEye is that it monitors your package manager's project files, such as Gemfile, package.json, composer.json, pom.xml, Podfile and many others. That way VersionEye knows which open source dependencies you are using, and based on that it can send you notifications about the security vulnerabilities, license violations and outdated versions that matter to you.
Nowadays software projects are based on many open source libraries! How do you ensure that you are not using dependencies that have security vulnerabilities? You don't! VersionEye checks multiple security databases every day and knows which artifacts are vulnerable. VersionEye can monitor your project and send you security notifications if one of your dependencies has a known security vulnerability.
With the native plugins we can even break your build on your CI server if one of your dependencies has a known security vulnerability.
Nowadays software projects are based on many open source components! Some of the components are published under a permissive license and others under a copyleft license. If you develop closed source software you should avoid copyleft licenses like GPL! Otherwise you have to open source your project as well! VersionEye can check all your open source dependencies against a license whitelist and notify you about violations! These checks can happen in real time and your software team can react immediately! Depending on your software development process we can even break your build on the CI server if there is a license violation.
VersionEye notifies you about outdated dependencies in your software projects. Nowadays software projects are based on many open source and self-developed components. Checking manually for updates to these components is a very time-consuming task and not fun at all! VersionEye notifies software developers about outdated dependencies in their projects. That way they can save a lot of time and focus on development. Usually the newest version of a software package has fixed the known security vulnerabilities from the past. It makes sense to keep their dependencies up-to-date ;-)