Dependency Audit Tool

About VigiLib Labs

VigiLib is a cross-platform (Windows and Linux) desktop application for auditing your project dependencies.

It scans your project's package files, identifies all libraries, checks their licenses, and searches for known updates and vulnerabilities.

It aims to use free and open source feeds of known vulnerabilities and can export reports to disk in various formats.

VigiLib can be run with a modern, easy-to-use GUI, or integrated into automation pipelines using the CLI build. This project is under development, and it is not yet clear whether it will take a free, open source approach or be available under a pay-once, use-forever model.

Make sure to check this site for updates!

Features

MVP Tracking

For the MVP, VigiLib Labs will scan .NET and Python dependencies and will be able to generate html and .json reports.

Architecture

Design, architecture and basic diagrams ready

Dependency scanning ready

.NET and Python dependency scanning prototype

License scanning

License text and aggregator ready

Version update scanning

Dependency version update scanning and aggregator ready

Vulnerability scanning

Detection of CVEs and other known vulnerabilities ready

Report generation

Report in html and .json format ready

Release

Release version of MVP ready to use