HomeProductsRepoShield
LIVE — AVAILABLE NOW

RepoShield

DEPENDENCY VULNERABILITY SCANNER

Paste any GitHub URL and get a full CVE inventory, CVSS scores, AI-generated fix commands, and a CycloneDX SBOM — in seconds. Covers 8 package ecosystems via OSV.dev.

quantashield.app/scanner
github.com/owner/repoScan →
CRITICALCVE-2024-21626runc9.8
HIGHCVE-2023-44487golang.org/net7.5
MEDIUMCVE-2024-34069werkzeug5.5
MEDIUMCVE-2023-32681requests6.1
23 vulnerabilities · Risk Score: 84/100
Features

Complete dependency security intelligence

Full CVE Inventory
Every vulnerable dependency listed with its CVE ID, severity (CVSS score), affected version range, and a direct link to the advisory. Covers npm, PyPI, Go, Maven, Cargo, RubyGems, NuGet, and Hex.
Risk Score & Gauge
An aggregated risk score (0–100) is calculated from the severity, exploitability, and count of all findings. The visual gauge gives you an instant read on overall repository health.
AI Remediation Steps
For each CVE, an AI-generated remediation suggests the exact upgrade command and explains why the patched version resolves the vulnerability.
CycloneDX SBOM Export
Download a complete Software Bill of Materials in CycloneDX JSON or XML format. Ready for compliance teams, vendor questionnaires, or automated CI pipelines.
Private Repo Support
Add a GitHub Personal Access Token (stored encrypted with PBKDF2 + AES-256-GCM) to scan private repositories. Required scopes: repo, read:packages.
Scan History
All previous scans are saved locally. Compare vulnerability counts over time to track your security improvements or catch new CVEs introduced by dependency updates.
Coverage

8 package ecosystems

Powered by OSV.dev — the same vulnerability database used by GitHub, Google, and CISA.

npm
JavaScript / TypeScript
PyPI
Python
Go
Golang
Maven
Java / Kotlin
Cargo
Rust
RubyGems
Ruby
NuGet
.NET / C#
Hex
Elixir / Erlang

Ready to audit your repositories?

Sign in and paste your first GitHub URL. Get a full vulnerability report in seconds — no setup required.