DepsDiver

Open source is the foundation of modern software, but dependency decisions no longer happen the way security teams assume they do. In practice, most dependencies aren’t consciously selected or reviewed upfront. Package managers resolve libraries automatically. CI/CD pipelines pull in components during builds. Code assistants suggest and introduce open source packages as code is written. In turn, dependencies are often adopted implicitly, reused across projects, and buried several layers deep before anyone pauses to ask whether they should be trusted. As a result, trust decisions are being made rapidly and with code assist, they are sometimes bypassing risk assessment entirely and automatically included in your build. DepsDiver fixes that by providing risk informed threat intelligence about who maintains a project, how stable maintainership is, or whether control has changed in ways that introduce risk amongst others.