VersionEye

notifies you about security vulnerabilities, license violations and outdated dependencies in your Git repositories

Who is using it?

“Automated version notifications of open source and self-developed closed source components by VersionEye Enterprise are very helpful, especially to our distributed iOS teams. They help reduce coordination and communication efforts. The VersionEye team always did a great job supporting us with individual features!”

Alexander Greim
Director Mobile Engineering @ XING AG


“VersionEye Enterprise takes the use of open source in our enterprise software development to the next level, helps optimize our processes and makes our software development even more productive than before.”

Matthias Feßenbecker
CTO @ SEEBURGER AG


“We are using the VersionEye API to keep our internally hosted NodeJS projects up-to-date. We integrated the VersionEye API into our Continuous Integration Lifecycle via the NPM module versioneye-update and it saves us the hassle of checking for updates manually.”

Jens Doose
CEO @ Onwerk GmbH

How does it work?

The idea behind VersionEye is that it monitors your package manager's project files on GitHub / Bitbucket / Stash: files like Gemfile, package.json, composer.json, pom.xml, Podfile and many others. That way VersionEye knows which open source dependencies you are using, and based on that it can send you notifications about security vulnerabilities, license violations and outdated versions that matter to you.

Currently these package managers are supported:

The majority of our community is using VersionEye to monitor their project files (Gemfile, package.json, composer.json, pom.xml, Podfile ...) directly on GitHub or Bitbucket. If your code is not on GitHub or Bitbucket, simply use the native VersionEye plugin for your build tool:

or use the VersionEye API directly. For a one-time scan you can simply upload your project file in the login area.


Security Notifications

Nowadays software projects are based on many open source libraries! How do you ensure that you are not using dependencies that have security vulnerabilities? You don't! VersionEye checks multiple security databases every day and knows which artifacts are vulnerable. VersionEye can monitor your project and send you security notifications if one of your dependencies has a known security vulnerability.
With the native plugins we can even break your build on your CI server if one of your dependencies has a known security vulnerability.


License Notifications

Nowadays software projects are based on many open source components! Some of the components are published under a permissive license and others under a copyleft license. If you develop closed source software you should avoid copyleft licenses like GPL! Otherwise you have to open source your project as well! VersionEye can check all your open source dependencies against a license whitelist and notify you about violations! These checks can happen in real time and your software team can react immediately! Depending on your software development process we can even break your build on the CI server if there is a license violation.


Version Notifications

VersionEye notifies you about outdated dependencies in your software projects. Nowadays software projects are based on many open source and self-developed components. Checking manually for updates to these components is a very time-consuming task and not fun at all! VersionEye notifies software developers about outdated dependencies in their projects. That way they can save a lot of time and focus on development. Usually the newest version of a software package has fixed the known security vulnerabilities from the past, so it makes sense to keep your dependencies up-to-date ;-)
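The three checks described above (known vulnerabilities, license whitelist violations, outdated versions) all reduce to the same loop: read the dependencies from a project file, look each one up in a catalogue of package metadata, and decide whether the CI build should fail. The script below is an added illustration, not VersionEye's own code or API; it works on a constructed package.json-style file and a constructed in-memory catalogue (`CATALOGUE`), where a real setup would fetch that data from the VersionEye API. The `Finding` class, `check_project` and `build_should_fail` are names chosen for this example.

```python
import json
from dataclasses import dataclass

# Constructed sample project file in package.json style (not a real project).
PROJECT_FILE = """
{
  "name": "example-app",
  "dependencies": {
    "left-lib": "1.2.0",
    "copyleft-lib": "3.0.1",
    "safe-lib": "2.4.0",
    "mystery-lib": "^0.9.0",
    "unlisted-lib": "1.0.0"
  }
}
"""

# Constructed stand-in for a package catalogue: newest version, declared
# license (None = unknown) and the versions with known vulnerabilities.
# In practice this data would be fetched from a service like the VersionEye API.
CATALOGUE = {
    "left-lib":     {"newest": "1.4.0", "license": "MIT",        "vulnerable": {"1.2.0", "1.2.1"}},
    "copyleft-lib": {"newest": "3.0.1", "license": "GPL-3.0",    "vulnerable": set()},
    "safe-lib":     {"newest": "2.4.0", "license": "Apache-2.0", "vulnerable": set()},
    "mystery-lib":  {"newest": "0.9.0", "license": None,         "vulnerable": set()},
}

# Licenses a closed-source project is willing to depend on.
LICENSE_WHITELIST = {"MIT", "Apache-2.0", "BSD-3-Clause"}


@dataclass
class Finding:
    package: str
    kind: str    # "vulnerability", "license", "outdated" or "unknown"
    detail: str


def parse_version(spec):
    """Turn '1.2.0', 'v1.2.0' or '^1.2.0' into a comparable tuple (1, 2, 0).

    Simplification for this example: a range prefix is dropped and its lower
    bound is treated as the installed version; a real check would read the
    resolved version from the lockfile. A pre-release suffix is ignored.
    """
    core = spec.lstrip("^~=v").split("-")[0]
    return tuple(int(part) for part in core.split("."))


def check_project(project_json, catalogue, whitelist):
    """Return one Finding per problem found in the project's dependencies."""
    deps = json.loads(project_json).get("dependencies", {})
    findings = []
    for name, spec in deps.items():
        entry = catalogue.get(name)
        if entry is None:
            # A dependency the catalogue has never seen cannot be vetted at all.
            findings.append(Finding(name, "unknown", "not in catalogue"))
            continue
        version = ".".join(str(p) for p in parse_version(spec))
        if version in entry["vulnerable"]:
            findings.append(Finding(name, "vulnerability",
                                    f"{version} has a known vulnerability"))
        license_id = entry["license"]
        if license_id is None:
            # Unknown license is treated like a violation: it cannot be whitelisted.
            findings.append(Finding(name, "license", "license unknown"))
        elif license_id not in whitelist:
            findings.append(Finding(name, "license",
                                    f"{license_id} is not on the whitelist"))
        if parse_version(version) < parse_version(entry["newest"]):
            findings.append(Finding(name, "outdated",
                                    f"{version} < newest {entry['newest']}"))
    return findings


def build_should_fail(findings, fail_on=("vulnerability", "license", "unknown")):
    """Break the build on vulnerabilities and license problems; outdated is a warning."""
    return any(f.kind in fail_on for f in findings)


if __name__ == "__main__":
    results = check_project(PROJECT_FILE, CATALOGUE, LICENSE_WHITELIST)
    for f in results:
        print(f"{f.kind:13} {f.package}: {f.detail}")
    raise SystemExit(1 if build_should_fail(results) else 0)
```

Which finding kinds break the build is a policy decision: the page notes that both the security and the license check can be configured to fail the CI build, while outdated-but-clean dependencies are usually reported rather than enforced, which is what `fail_on` expresses here.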


Pull Request Integration

VersionEye has a very good integration for GitHub. If you are using the VersionEye GitHub integration, VersionEye will check all dependencies in a pull request for potential risks like known security vulnerabilities, unknown licenses and violations of your license whitelist. That way you get notified about potential risks even before you merge a pull request. This integration works with GitHub Enterprise as well!
Read more about this feature on our blog.


Organisations & Teams

In VersionEye, projects are grouped inside an organisation entity. Each organisation can have multiple teams, and each project can be assigned to multiple teams. Email notifications are configured on the team level: each team decides which aspects of the project it wants to receive email notifications about and on which day of the week. This model offers a lot of flexibility and is a really good fit for big organisations with many teams and many projects.
Read more about this feature on our blog.


Enterprise

You can run the VersionEye software as an on-premise installation on your own server(s) in your own datacenter. That way you can connect it to your LDAP or Active Directory, configure it with your own SMTP or Exchange server and integrate it with your development infrastructure like binary repositories, git repositories and build systems. More information about that is on our Enterprise page.


Open Source

VersionEye itself is open source as well! Everything you see here is open source. The source code is on GitHub, and every time we do a deployment, new Docker images are built and published to Docker Hub.


Database

The VersionEye crawlers collect meta information 24/7 about open source projects that are available through some kind of package manager: security vulnerabilities, licenses, versions, descriptions, links and so on. Currently the VersionEye database contains meta information about more than 1.2 million open source projects. The VersionEye database is accessible through the VersionEye API. Every open source project in our database has a page at VersionEye.com where the collected meta information can be viewed.

Most followed libraries

php-src
PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragma...
Followers: 487 | License: PHP-3.01

symfony/symfony
The Symfony PHP framework
Followers: 359 | License: MIT

rails
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages bea...
Followers: 339 | License: MIT

junit
JUnit is the default Test Framework for Java. It is really easy to use and well documented. If you have to write unit tests in...
Followers: 274 | License: EPL-1.0

spring-core
Spring is the most popular application development framework for enterprise Java. It offers a very good implementation of the ...
Followers: 261 | License: Apache-2.0

phpunit/phpunit
The PHP Unit Testing framework.
Followers: 261 | License: BSD-3-Clause

hibernate-core
Historically, Hibernate facilitated the storage and retrieval of Java domain objects via Object/Relational Mapping. Today, Hi...
Followers: 178 | License: LGPL-3.0

Django
A high-level Python Web framework that encourages rapid development and clean, pragmatic design.
Followers: 177 | License: BSD

laravel/framework
Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable, creative ...
Followers: 161 | License: MIT

jquery-mobile
jQuery Mobile is a HTML5-based user interface system designed to make responsive web sites and apps that are accessible on all...
Followers: 150 | License: MIT