DriftScore

What is a DriftScore?

Every software stack drifts over time. Runtimes age past their support window, frameworks reach end-of-life, dependencies accumulate known vulnerabilities. Your DriftScore measures that exposure in a single, actionable number — the metric at the heart of Code Drift Intelligence.

Scale: 0 (best) to 100 (worst)

The Problem

Software drifts from its known-good baseline

Even a codebase that was fully up-to-date six months ago is drifting right now. EOL calendars roll forward, CVEs are published daily, and framework maintainers drop support without announcement. Teams that don't actively track this accumulate invisible risk.

Dependencies age

npm, pip, Maven, Cargo — packages stop receiving security patches long before teams notice.

Frameworks go EOL

Node LTS, Python minor versions, .NET releases — every major ecosystem has a clock ticking.

OWASP risks accumulate

Vulnerable transitive dependencies hide in the dependency graph, not just your direct requires.

How it works

How DriftScore works

Vibgrate CLI scans your repository and collects the runtime versions, framework versions, and dependency manifests it finds. Each item is scored against:

  • EOL dates from 2,400+ tracked runtimes and frameworks
  • Major-version lag for runtimes and core frameworks
  • CycloneDX and SPDX SBOM formats for dependency provenance
  • Age and maintenance status of direct and transitive dependencies

Those individual signals are normalized and combined into a single 0–100 DriftScore. A score of 0 means every component is current. A score of 100 means everything is maximally drifted. Most production repos sit somewhere in between — and Vibgrate shows you exactly where. Known vulnerabilities are a separate, opt-in check: add vg scan --vulns to include vulnerability data from OSV.

  • 0 – 20: Healthy. Stack is current. Keep it here.
  • 21 – 40: Low drift. A few items need attention soon.
  • 41 – 60: Moderate drift. Remediation is overdue.
  • 61 – 80: High drift. Significant EOL exposure and upgrade lag.
  • 81 – 100: Critical. Immediate action required.

Coverage

What Vibgrate measures

2,400+
Runtimes & frameworks tracked

Node, Python, Ruby, Java, Go, .NET, PHP, and hundreds more — every major ecosystem.

EOL dates
For every major ecosystem

Pulled from authoritative upstream sources and updated continuously.

CycloneDX & SPDX
Native SBOM support

Read and write industry-standard SBOMs for supply-chain compliance.

Get started

How to use your DriftScore

01. Run vg in your repo

Install Vibgrate CLI and run vg in any repository. Bare vg scans the current directory — no path needed.

02. Get your DriftScore in seconds

The Vibgrate CLI analyzes your runtimes, frameworks, and dependencies against live EOL and version data and prints a 0–100 DriftScore with a breakdown by risk category.

03. Connect to Vibgrate Cloud

Push results to Vibgrate Cloud for historical trending, team-wide reporting, and portfolio-level DriftScore tracking across all your repos.

terminal
$ npm install -g @vibgrate/cli
$ vg
DriftScore: 23 / 100

Scan your first repo free

Get your DriftScore in under a minute. No credit card required. Connect to Vibgrate Cloud for team reporting whenever you're ready.