Open Source License Compliance & Security
Security
Notifications
VersionEye checks multiple security databases every day and knows which artifacts are vulnerable. With the native plugins VersionEye can even break your build on your CI/CD server if one of your dependencies has a known security vulnerability.
License
Compliance
Open-Source components are published either under a permissive or a copyleft license. If you develop closed source software you should avoid copyleft licenses like AGPL! VersionEye can check all your open source dependencies against a license whitelist and notify you about violations! These checks can happen in real time and with the right integration it can break your build on your CI/CD server in case of a license violation.
Version
Notifications
Failing to update open source software to its latest version can leave known security vulnerabilities unpatched. Late software updates lead to vulnerable legacy software which nobody likes to work on. If you want to attract new talent, you had better keep your software projects up to date!
API
VersionEye is built by developers for developers. Simply send your dependency files via HTTP POST request to our API and you will receive the most important KPIs and a link to the complete report.

Example request:

    curl --http1.1 -X POST https://api.versioneye.com/v1/scans \
      -H "Authorization: Bearer 9PAtYY4VzBfcYwGDvFTTtt910CCzlooAh0YZZ1oQ" \
      -F "pm_file[]=@package-lock.json" \
      -F "pm_file[]=@package.json" \
      -F "project_name=game-ui"

Example response:

    {
      "dependencies": 1317,
      "outdated": 541,
      "license_violations": 2,
      "unknown_licenses": 2,
      "security_vulnerabilities": 1,
      "report": "https://www.versioneye.com/en/organisations/ve-demo-orga/scans/5f9f2024a38b31d9e082600c"
    }
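The following is an added example, not VersionEye's own client code, of how a CI job could do what the curl command above does and then act on the answer: encode the dependency files as multipart/form-data, POST them with the bearer token, and turn the returned KPIs into a pass/fail decision that breaks the build on a security vulnerability or a license violation. The endpoint URL, the pm_file[] and project_name form fields and the response keys are taken from the page; the policy thresholds, the VERSIONEYE_TOKEN environment variable and all function names are assumptions made for this example.

```python
"""CI gate around the VersionEye scan API (added example, not VersionEye's code).

Assumptions not found on the page: the token comes from the VERSIONEYE_TOKEN
environment variable, the policy thresholds are this project's own choice, and
the response keys are exactly the ones in the page's sample response.
"""
import json
import os
import sys
import urllib.request
import uuid

API_URL = "https://api.versioneye.com/v1/scans"  # endpoint shown on the page


def build_multipart(fields, files):
    """Encode plain fields and file uploads as multipart/form-data (what curl -F does).

    fields: dict of field name -> str value, e.g. {"project_name": "game-ui"}
    files:  list of (field_name, filename, bytes) tuples, e.g. ("pm_file[]", ...)
    Returns (content_type_header_value, body_bytes).
    """
    boundary = uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            (f"--{boundary}\r\n"
             f'Content-Disposition: form-data; name="{name}"\r\n\r\n'
             f"{value}\r\n").encode()
        )
    for name, filename, data in files:
        parts.append(
            (f"--{boundary}\r\n"
             f'Content-Disposition: form-data; name="{name}"; filename="{filename}"\r\n'
             "Content-Type: application/octet-stream\r\n\r\n").encode()
            + data + b"\r\n"
        )
    parts.append(f"--{boundary}--\r\n".encode())
    return f"multipart/form-data; boundary={boundary}", b"".join(parts)


def submit_scan(token, project_name, paths):
    """POST the dependency files exactly like the curl command on the page.

    Performs a real network request; the offline checks below use SAMPLE_RESULT instead.
    """
    files = []
    for path in paths:
        with open(path, "rb") as fh:
            files.append(("pm_file[]", os.path.basename(path), fh.read()))
    content_type, body = build_multipart({"project_name": project_name}, files)
    req = urllib.request.Request(
        API_URL,
        data=body,
        method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": content_type},
    )
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)


def evaluate_scan(result, max_vulnerabilities=0, max_license_violations=0,
                  fail_on_unknown_licenses=False):
    """Apply a build policy to the scan KPIs. Returns (passed, list_of_reasons).

    Thresholds are assumptions for this example: by default any known
    vulnerability or any license whitelist violation fails the build, while
    dependencies with an unknown license are only reported if requested.
    """
    reasons = []
    vulns = int(result.get("security_vulnerabilities", 0))
    if vulns > max_vulnerabilities:
        reasons.append(f"{vulns} dependencies with known security vulnerabilities")
    violations = int(result.get("license_violations", 0))
    if violations > max_license_violations:
        reasons.append(f"{violations} license whitelist violations")
    unknown = int(result.get("unknown_licenses", 0))
    if fail_on_unknown_licenses and unknown > 0:
        reasons.append(f"{unknown} dependencies with unknown licenses")
    return (not reasons, reasons)


# Sample response copied from the page, used as constructed offline input.
SAMPLE_RESULT = {
    "dependencies": 1317,
    "outdated": 541,
    "license_violations": 2,
    "unknown_licenses": 2,
    "security_vulnerabilities": 1,
    "report": "https://www.versioneye.com/en/organisations/ve-demo-orga/scans/5f9f2024a38b31d9e082600c",
}


def main(argv):
    """Usage: python ve_gate.py <project_name> <dependency files...> (runs a real scan)."""
    token = os.environ.get("VERSIONEYE_TOKEN")  # assumed variable name, never hard-code the token
    if not token or len(argv) < 3:
        print("usage: VERSIONEYE_TOKEN=... ve_gate.py <project_name> <file>...", file=sys.stderr)
        return 2
    result = submit_scan(token, argv[1], argv[2:])
    passed, reasons = evaluate_scan(result)
    for reason in reasons:
        print(f"FAIL: {reason}", file=sys.stderr)
    print(f"full report: {result.get('report')}")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the sample response from the page, `evaluate_scan(SAMPLE_RESULT)` fails the build for the one vulnerable dependency and the two license violations; the exit code of `main` is what lets a CI/CD server stop the pipeline.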
Try it out!
Simply upload a file yourself! Select a dependency manager file that should be scanned.
Notifications
A report alone is worth nothing if nobody is reading it. With VersionEye you can configure very dynamic notification rules. For example you could define a notification which triggers an SMS to your security advisor each time a security vulnerability is found in one of the scans. Or a notification which triggers an email to the compliance department each time a dependency violates your corporate license whitelist.
Pricing
The first 5 scans are all free. The following prices then apply:
1 €
net plus statutory VAT per file scan
Pay per use
Included file scans: 0
Each file scan: 1 €
Each SMS notification: 0,25 €
Each email notification: 0 €
Users: Unlimited
Only pay for what you use. With this model you have no base fee! You don't pay anything if you don't use our service.
50 €
net plus statutory VAT per month
Subscription
Included file scans: 200
Each additional file scan: 0,25 €
Each SMS notification: 0,25 €
Each email notification: 0 €
Users: Unlimited
If you plan to integrate our API into your CI/CD pipeline to scan your files daily, it makes sense to use this model because in the long run you save money.
All prices are net prices, plus VAT. The offer is aimed exclusively at business customers. The pricing is based on file scans. Each package manager file that gets scanned is a chargeable transaction. We bill monthly.