notifies you about security vulnerabilities, license violations and out-dated dependencies in your Git repositories

How does it work?

The idea behind VersionEye is that it monitors your package managers project files on GitHub / Bitbucket / Stash. Project files like Gemfile, package.json, composer.json, pom.xml, Podfile and many others. That way VersionEye knows which open source dependencies you are using and based on that it can send you notifications to security vulnerabilities, license violations and outdated versions which matters to you.

Currently these package managers are supported:

The majority of our community is using VersionEye to monitor their project files (Gemfile, package.json, composer.json, pom.xml, Podfile ...) directly on GitHub or Bitbucket. If your code is not on GitHub or Bitbucket, simply use the native VersionEye plugin for your build tool:

or use the VersionEye API directly. For a one time scan you can simply upload your project file in the login area.

Security Notifications

Nowadays software projects are based on many open source libraries! How do you ensure that you are not using dependencies which has security vulnerabilities? You don't! VersionEye is checking multiple security databases every day and knows which artifacts are vulnerable. VersionEye can monitor your project and send you security notifications if one of your dependencies has a known security vulnerability.
With the native plugins we can even break your build on your CI server if one of your dependencies has a known security vulnerability.

01 veye security

License Notifications

Nowadays software projects are based on many open source components! Some of the components are published under a permissive and others under a copyleft license. If you develop closed source software you should avoid copyleft licenses like GPL! Otherwise you have to open source your project as well! VersionEye can check all your open source dependencies against a license whitelist and notify you about violations! This checks can happen in real time and your software team can react immediately! Depending on your software development process we can even break your build on the CI server if there is a license violation.

01 veye licenses

Version Notifications

VersionEye notifies you about outdated dependencies in your software projects. Nowadays software projects are based on many open source and self developed components. Checking manually for updates for these components is a very time consuming task and not fun at all! VersionEye notifies software developers about outdated dependencies in their projects. That way they can save a lot of time and focus on development. Usually the newest version of a software package has fixed the known security vulnerabilities from the past. It makes sense to keep their dependencies up-to-date ;-)

01 veye dependencies

Pullrequests Integration

VersionEye has a very good integration for GitHub. If you are using the VersionEye GitHub integration, VersionEye will check all dependencies in a pullrequest for potential risks like known security vulnerabilities, unknown licenses and violations of your license whitelist. That way you get notified about potential risks even before you merge a pullrequest. This integration works with GitHub Enterprise as well!
Read more about this feature on our blog.

01 veye pullrequests

Organisations & Teams

In VersionEye projects are grouped inside of an organisation entity. Each organisation entity can have multiple teams and each project can be assigned to multple teams. The email notifications can be configured on the team level. Each team can decide to which aspect of the project they want to receive email notifications and on which day of the week. This model offers a lot of flexibility and is a really good fit for big organisations with many teams and many projects.
Read more about this featur on our blog.

01 veye teams


You can run the VersionEye software as on premise installation on your own server(s) in your own datacenter. That way you can connect it to your LDAP or Active Directory, configure it with your own SMTP or Exchange server and integrate it with your development infrastructure like binary repositories, git repositories and build systems. More information to that is on our Enterprise page.

01 veye global settings

Open Source

VersionEye itself is open source as well! Everything you see here is open source. The source code is on GitHub and everytime we do a deployment, new Docker images are build and published to Docker Hub.

01 veye opensource


The VersionEye crawlers are collecting 24/7 meta information about open source projects which are available through some kind of package manager. Meta information like security vulnerabilities, licenses, versions, descriptions, links and so on. Currently the VersionEye database contains meta information to more than 1.5 Million open source projects. The VersionEye database is accessible through the VersionEye API. Every open source project in our database has a page at where the collected meta information can be viewed.

Most followed libraries