T4D is a tool to help you keep your projects safe - you give it a list of repositories, and it scans them every 24 hours to see if any of the dependencies contains a known security vulnerability. Simple!
- PHP (scans
composer.lock) - NodeJS/Javascript (scans
package.json)
You need to supply T4D with a list of repositories that you want to scan for vulnerabilities. This is done in repos.json. A sample list, repos.json.sample, is supplied with this repository.
cp repos.json.sample repos.json
node t4dYou should format it using your user name as the SSH user, for example I would use gavd:
[
"gavd@github.com:radify/karma-es6-shim.git",
"gavd@github.com:radify/supersecretproject.git",
"gavd@github.com:radify/radiian.git"
]- Shrinkwrap scanning
- Automatically find and install package.json if it's not in the root
- Automatically find composer.lock if it's not in the root
- Slack integration
- Scheduling