In addition to finding vulnerabilities in your business logic, Pensar continuously monitors the dependencies being used in your application to ensure they are not using versions with active CVE alerts.

If an insecure package/dependency version is detected, Pensar will notify you and create an issue in the Dependency tab of your project view in the Pensar Console.

Auto-fixing

Pensar will auto-generate a patch that upgrades each affected dependency to the closest secure version.

If this upgrade introduces breaking changes in third-party APIs (e.g. when the closest secure version is a major version bump), Pensar will also find where in your codebase you import and use these packages and will generate a patch to fix any broken logic throughout your repository.

We do this by providing our AI agent with the relevant documentation and context needed to update your code to work with the latest version of an upgraded package.

Data sources

We use a variety of open source and public CVE databases/registries that we constantly scrape to ensure you are alerted as soon as a new CVE is published if your application is affected.

This includes but is not limited to OSV and the GitHub Advisory Database.
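The core of a check like this is matching an installed version against the affected ranges in an OSV-format advisory and picking the closest fixed version. The following is an added illustration, not Pensar's own code: the advisory is constructed (not a real OSV id), and version parsing is simplified to dotted numerals without pre-release tags.

```python
import json

# Constructed advisory in the OSV schema (id and package are made up for illustration).
ADVISORY_JSON = """
{
  "id": "EXAMPLE-0001",
  "summary": "Constructed example advisory for examplelib",
  "affected": [{
    "package": {"ecosystem": "PyPI", "name": "examplelib"},
    "ranges": [{"type": "ECOSYSTEM",
                "events": [{"introduced": "0"}, {"fixed": "1.4.2"},
                           {"introduced": "2.0.0"}, {"fixed": "2.0.3"}]}]
  }]
}
"""
ADVISORY = json.loads(ADVISORY_JSON)

def parse_version(v):
    """Dotted numeric version -> comparable tuple (simplification: no pre-release tags)."""
    return tuple(int(p) for p in v.split("."))

def vulnerable_intervals(advisory, ecosystem, name):
    """Yield (introduced, fixed_or_None) pairs from ranges that apply to this package."""
    for entry in advisory["affected"]:
        pkg = entry.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
            continue
        for rng in entry.get("ranges", []):
            if rng["type"] not in ("ECOSYSTEM", "SEMVER"):
                continue  # GIT ranges need commit history; not handled here
            start = None
            for ev in rng["events"]:  # events come in ascending version order
                if "introduced" in ev:
                    start = ev["introduced"]
                elif "fixed" in ev and start is not None:
                    yield start, ev["fixed"]
                    start = None
            if start is not None:
                yield start, None  # interval still open: no fix published yet

def is_affected(advisory, ecosystem, name, version):
    """True if introduced <= version < fixed for any applicable interval."""
    v = parse_version(version)
    for intro, fixed in vulnerable_intervals(advisory, ecosystem, name):
        if v >= parse_version(intro) and (fixed is None or v < parse_version(fixed)):
            return True
    return False

def closest_secure_version(advisory, ecosystem, name, version):
    """Smallest published fix above the installed version that is itself not affected."""
    v = parse_version(version)
    fixes = {f for _, f in vulnerable_intervals(advisory, ecosystem, name) if f}
    for f in sorted((f for f in fixes if parse_version(f) > v), key=parse_version):
        if not is_affected(advisory, ecosystem, name, f):
            return f
    return None  # nothing newer is known to be fixed
```

Note that a fixed version from one range is only proposed if no other range in the advisory still covers it, which is why `closest_secure_version` re-checks each candidate.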

Pricing

Dependency scanning is included in our free tier!

Get set up in the Pensar Console or check out our quickstart guide.