Dependencies is your software-supply intelligence — every package your estate depends on, with its health, risk, vulnerabilities, license, and upgrade opportunities in one place. It answers "what are we built on, and what's risky about it?"
What you'll see
- Package health and drift — which dependencies are outdated and by how much.
- Vulnerabilities — known CVEs in your dependencies, with severity. Where a CVSS rating and an advisory's own rating disagree, prefer the advisory rating.
- Licenses — the license each package carries, so you can catch ones that don't fit your policy.
- Upgrade opportunities — the highest-value upgrades, ranked.
- Breaking change exposure — how risky an upgrade is likely to be before you attempt it.
How to use it
Start with upgrade opportunities. Vibgrate ranks them so you can spend your time on the upgrades that cut the most risk for the least effort. Before committing to a major upgrade, check its breaking change exposure — that's our estimate of how much could break, so you can size the work honestly.
Dependencies, SBOM, and architecture
Dependencies covers package health, vulnerabilities, and licenses. Supply-chain provenance and attestations live under SBOM. The relationships between your own services live under Architecture. They draw on the same scans but answer different questions.