Features
Features
Three signals, and several ways to run them.
Libyears
Measure how stale you are
A libyear is the gap between the version you run and the latest release, summed across every dependency. It turns “we're a bit behind” into a number you can track and reduce.
- Release dates pulled from npm, Go, PyPI, Packagist, and Docker registries.
- One score per package, totalled per project.
- Sort the table to find the worst offenders first.
- Track the total over time on the dashboard.
CVEs
Find what's actually exploitable
Trivy does the scanning. Deeps does the triage, so the high-severity, fixable issues are at the top instead of buried.
- Sort by severity and CVSS.
- Filter to CVEs that have a fix available.
- Deep links to the affected package and the fix version.
- No 50-line descriptions in the way.
End-of-life
See what's about to die
Runtimes and base images go end-of-life on a schedule. Deeps reads your manifests and warns before the date, not after.
- Parses Dockerfile, package.json, go.mod, and composer.json.
- Cross-references endoflife.date.
- Counts down: “Node 16 ends in 38 days”.
- Flags anything already past end-of-life.
Delivery
Run it where your code already lives
The scanner is one binary. Everything else wraps it.
- CLI for your laptop.
- Docker image with Trivy bundled.
- GitHub Action and GitLab CI template.
- Hosted dashboard for history and trends.
Notifications
Get told, don't go looking
Pick the channel and the threshold; Deeps pushes when something crosses it.
- Web push, email, APNs, and FCM.
- Per project and per severity.
- Digest or realtime.
- One config, every channel.
Output
Formats for humans and machines
Every scan can leave as a report, a gate, or data.
- JSON for pipelines, SARIF for code scanning.
- Markdown for a PR comment.
- KPI slides for a status update.
- APIs an agent can call.
See it on your code
Run the CLI against a repo. The hosted dashboard is coming.