Single binary. Zero config. Detects vulnerabilities, malicious code, hardcoded secrets, workflow misconfigurations, and unexpected network connections.
curl -fsSL https://depsec.dev/install | sh AST-aware analysis via tree-sitter. Catches eval/exec injection, credential harvesting, encoded payloads, install hooks, and obfuscation — while ignoring safe regex.exec() calls.
20 format-specific regex patterns plus 3 AST-based rules combining variable name analysis with Shannon entropy. Catches AWS keys, GitHub tokens, Stripe keys, PEM files, and more.
Queries the OSV API for all ecosystems in one pass. Parses Cargo.lock, package-lock.json, yarn.lock, pnpm-lock.yaml, Gemfile.lock, go.sum, poetry.lock, and requirements.txt.
Hardens GitHub Actions. Detects unpinned actions, expression injection via user-controlled inputs, pull_request_target attacks, and overly permissive workflow permissions.
Runtime surveillance catches attacks invisible to static analysis: IMDS credential theft, C2 check-ins, DNS exfiltration, reverse shells, and install-time phone-home behavior.
Checks that SECURITY.md exists, .gitignore covers sensitive patterns (.env, *.pem, *.key), lockfiles are committed, and branch protection is enabled on main.
One command wraps any package install with preflight checks, OS-level sandboxing, network monitoring, and file watchdog — all running concurrently.
Typosquatting detection via Levenshtein distance against 237 popular packages. Install hook detection. Lockfile integrity. deps.dev metadata freshness.
OS-level isolation. Masks ~/.ssh, ~/.aws,
~/.gnupg, ~/.npmrc via tmpfs overlays.
Bubblewrap on Linux, sandbox-exec on macOS, Docker anywhere.
Network polling every 100ms via ss/lsof.
Classifies connections as expected, unexpected, or critical.
IMDS credential theft is an instant flag.
HMAC-SHA256 signed JSON recording every connection, file access, and write violation. Tamper-evident proof for your audit trail.
Auto-routes all package managers (npm, pip, cargo, go, gem, bundle) through the protection pipeline.
Plants fake but realistic credentials inside the sandbox — SSH keys, AWS creds, .env files.
If a malicious script reads them, the watchdog catches it immediately.
Monitors every open file descriptor in the entire process tree at 100ms intervals.
Detects sensitive file reads and write boundary violations outside the project.
Detection rate against 10,582 real malware packages from the Datadog malicious-software-packages-dataset.
Not a synthetic benchmark. Real supply chain attacks extracted from npm and PyPI registries.
Other tools specialize. depsec covers the full surface — dependencies, code patterns, secrets, workflows, and network — in a single binary.
| Feature | depsec | gitleaks | trufflehog | guarddog | zizmor | snyk |
|---|---|---|---|---|---|---|
| Language | Rust | Go | Go | Python | Rust | SaaS |
| Single binary | ||||||
| Secrets (regex) | 20 | 800+ | 800+ | |||
| Secrets (AST + entropy) | ||||||
| Malware detection | 15 rules | |||||
| AST-aware analysis | tree-sitter | semgrep | ||||
| Vulnerability scan | OSV (all) | |||||
| Workflow security | 5 rules | 34 rules | ||||
| Network monitoring | ||||||
| LLM triage | ||||||
| Reachability | ||||||
| Auto-fix | ||||||
| Zero config |
One command gives you a security grade with actionable findings. Build-only tools are separated from runtime threats.
depsec ships with agent instructions out of the box. Add it to your AI coding tool and it will scan, fix, and protect your project automatically.
Or use the SKILL.md in the repo root — follows the
AgentSkills spec.
Codex CLI, Cursor, and Windsurf automatically read AGENTS.md from
the repo root. No extra setup needed.
One SKILL.md works across 10+ AI coding tools via the
open AgentSkills standard.
Auto-detects OS & arch. Verifies SHA-256 checksum. Installs to ~/.local/bin.
Requires Rust toolchain. Builds with LTO and strip for minimal binary size.
SARIF output integrates with GitHub Code Scanning. Exit code 1 on findings.