{"id":29898505,"url":"https://github.com/mindpatch/vulfy","last_synced_at":"2026-03-16T01:44:22.409Z","repository":{"id":300740449,"uuid":"1006928093","full_name":"MindPatch/Vulfy","owner":"MindPatch","description":"🐺 Vulfy – Fast Rust based package version scanner","archived":false,"fork":false,"pushed_at":"2025-06-23T11:12:21.000Z","size":2628,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-06-23T11:24:32.901Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MindPatch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-23T07:52:56.000Z","updated_at":"2025-06-23T10:45:05.000Z","dependencies_parsed_at":"2025-06-23T11:24:47.942Z","dependency_job_id":"954aa52d-6a3d-44a5-b34b-274d6b85c4e0","html_url":"https://github.com/MindPatch/Vulfy","commit_stats":null,"previous_names":["mindpatch/vulfy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MindPatch/Vulfy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MindPatch%2FVulfy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MindPatch%2FVulfy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MindPatch%2FVulfy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MindPatch%2FVulfy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MindPatch","download_url":"https://codeload.github.com/MindPatch/Vulfy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MindPatch%2FVulfy/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268215611,"owners_count":24214365,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-01T02:00:08.611Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-01T11:39:35.301Z","updated_at":"2026-03-16T01:44:17.376Z","avatar_url":"https://github.com/MindPatch.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n \u003cimg src=\"assets/main_logo.png\" alt=\"Vulfy Logo\" width=\"200\"/\u003e\n \n # 🐺 Vulfy\n \n **Fast, cross-language vulnerability scanner that doesn't mess around.**\n \n [![Release](https://img.shields.io/github/v/release/mindPatch/vulfy)](https://github.com/mindPatch/vulfy/releases)\n [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n [![Rust](https://img.shields.io/badge/rust-1.70+-orange.svg)](https://www.rust-lang.org)\n [![CI](https://img.shields.io/github/actions/workflow/status/mindPatch/vulfy/ci.yml)](https://github.com/mindPatch/vulfy/actions)\n\u003c/div\u003e\n\n---\n\n## 🚀 What is Vulfy?\n\nVulfy is a lightning-fast vulnerability scanner that checks your project dependencies for known security issues across **9 programming languages**. Built with Rust for maximum performance, it integrates with the OSV.dev database to provide accurate, up-to-date vulnerability information.\n\n### ✨ Key Features\n\n- 🔥 **Lightning Fast** - Async Rust performance with concurrent scanning\n- 🌍 **Multi-Ecosystem Support** - npm, Python, Rust, Java, Go, Ruby, C/C++, PHP, .NET\n- 📊 **Multiple Output Formats** - Table, JSON, CSV, SARIF for different use cases\n- 🎯 **OSV.dev Integration** - Real vulnerability data from Google's Open Source Vulnerabilities database\n- ⚡ **Zero Configuration** - Works out of the box, configure only what you need\n- 🔄 **CI/CD Ready** - Perfect exit codes and formats for automated pipelines\n- 🤖 **Automation \u0026 Monitoring** - Continuous Git repository monitoring with smart notifications\n- 📋 **Advanced Policy Engine** - Custom vulnerability filtering and security policies\n- 🔔 **Multi-Platform Notifications** - Discord, Slack, and webhook integrations\n\n---\n\n## 📚 Documentation\n\n**[📖 Complete Documentation](docs/README.md)** - Comprehensive guides, tutorials, and API reference\n\n### Quick Navigation\n- **[🚀 5-Minute Quick Start](docs/tutorials/quick-start.md)** - Get scanning immediately\n- **[⚙️ Installation Guide](docs/user-guide/getting-started.md)** - All installation methods\n- **[📋 CLI Reference](docs/user-guide/cli-reference.md)** - Complete command documentation\n- **[🤖 Automation Setup](docs/user-guide/automation-overview.md)** - Continuous monitoring\n- **[🔧 Configuration Schema](docs/api-reference/configuration-schema.md)** - Full configuration reference\n\n---\n\n## 📦 Installation\n\n### Option 1: Pre-built Binaries (Recommended)\n```bash\n# Linux/WSL\ncurl -LO https://github.com/mindPatch/vulfy/releases/latest/download/vulfy-linux-x86_64.tar.gz\ntar -xzf vulfy-linux-x86_64.tar.gz\nsudo mv vulfy /usr/local/bin/\n\n# macOS (Intel)\ncurl -LO https://github.com/mindPatch/vulfy/releases/latest/download/vulfy-macos-x86_64.tar.gz\ntar -xzf vulfy-macos-x86_64.tar.gz\nsudo mv vulfy /usr/local/bin/\n\n# macOS (Apple Silicon)\ncurl -LO https://github.com/mindPatch/vulfy/releases/latest/download/vulfy-macos-aarch64.tar.gz\ntar -xzf vulfy-macos-aarch64.tar.gz\nsudo mv vulfy /usr/local/bin/\n```\n\n### Option 2: Using Cargo\n```bash\ncargo install vulfy\n```\n\n### Option 3: From Source\n```bash\ngit clone https://github.com/mindPatch/vulfy.git\ncd vulfy\ncargo build --release\nsudo cp target/release/vulfy /usr/local/bin/\n```\n\n**Verify Installation:**\n```bash\nvulfy --version\n# Should output: vulfy 0.1.0\n```\n\n---\n\n## 🏃‍♂️ Quick Start\n\n### Basic Vulnerability Scan\n```bash\n# Scan current directory\nvulfy scan packages\n\n# Scan specific directory\nvulfy scan packages --path /path/to/project\n\n# Only show high-severity vulnerabilities\nvulfy scan packages --high-only\n```\n\n### Generate Reports\n```bash\n# JSON for automation/CI\nvulfy scan packages --format json --output security-report.json\n\n# CSV for spreadsheet analysis\nvulfy scan packages --format csv --output vulnerabilities.csv\n\n# SARIF for GitHub Security tab\nvulfy scan packages --format sarif --output vulfy.sarif\n```\n\n### CI/CD Integration\n```bash\n# Fail build if high-severity vulnerabilities found\nvulfy scan packages --high-only --quiet || exit 1\n\n# Scan specific ecosystems only\nvulfy scan packages --ecosystems npm,pypi --no-dev-deps\n```\n\n---\n\n## 🎯 Supported Ecosystems\n\n| Ecosystem | Package Files | Status |\n|-----------|---------------|--------|\n| 📦 **npm** | `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`, `package.json` | ✅ |\n| 🐍 **Python** | `requirements.txt`, `Pipfile.lock`, `poetry.lock`, `pyproject.toml` | ✅ |\n| 🦀 **Rust** | `Cargo.lock`, `Cargo.toml` | ✅ |\n| ☕ **Java** | `pom.xml`, `build.gradle`, `build.gradle.kts` | ✅ |\n| 🐹 **Go** | `go.mod`, `go.sum`, `go.work` | ✅ |\n| 💎 **Ruby** | `Gemfile.lock`, `Gemfile`, `*.gemspec` | ✅ |\n| ⚙️ **C/C++** | `vcpkg.json`, `CMakeLists.txt`, `conanfile.txt` | 🆕 **NEW!** |\n| 🐘 **PHP** | `composer.json`, `composer.lock` | 🆕 **NEW!** |\n| 🔷 **.NET** | `*.csproj`, `packages.config`, `*.nuspec` | 🆕 **NEW!** |\n\n---\n\n## 📋 Example Output\n\n### Beautiful Table Format (Default)\n```\n🔍 Scanning for package files...\n📦 Found 6 package files across 4 ecosystems\n\n🛡️ VULNERABILITY REPORT\n┌─────────────────────────────────────────┬──────────────┬──────────┬─────────────────┬──────┐\n│ Title │ CVE ID │ Severity │ Package │ Year │\n├─────────────────────────────────────────┼──────────────┼──────────┼─────────────────┼──────┤\n│ Remote Code Execution in lodash │ CVE-2021-123 │ 🔥 High │ lodash@4.17.0 │ 2021 │\n│ Path Traversal in express │ CVE-2022-456 │ 🟡 Medium│ express@4.16.0 │ 2022 │\n│ SQL Injection in sequelize │ CVE-2020-789 │ 🔥 High │ sequelize@5.0.0 │ 2020 │\n└─────────────────────────────────────────┴──────────────┴──────────┴─────────────────┴──────┘\n\n📊 SCAN SUMMARY\n• Total packages scanned: 42\n• Vulnerable packages: 8\n• Total vulnerabilities: 12\n• 🔥 High severity: 4\n• 🟡 Medium severity: 6\n• 🟢 Low severity: 2\n```\n\n**[📖 See All Output Formats](docs/user-guide/output-formats.md)** - JSON, CSV, SARIF examples\n\n---\n\n## 🤖 Automation \u0026 Monitoring\n\nVulfy includes a powerful automation system for continuous security monitoring of Git repositories.\n\n### Key Automation Features\n\n- 📂 **Multi-Repository Monitoring** - Track multiple Git repos with branch-specific scanning\n- ⏰ **Flexible Scheduling** - Hourly, daily, weekly, or custom cron expressions\n- 🔔 **Smart Notifications** - Rich Discord/Slack alerts with severity-based filtering\n- 📋 **Advanced Policy Engine** - Custom vulnerability filtering with keyword matching\n- 🔐 **Authentication Support** - GitHub tokens, SSH keys, private repository access\n- 🏗️ **Ecosystem Filtering** - Per-repository ecosystem targeting for focused scans\n\n### Quick Automation Setup\n\n```bash\n# Initialize automation with example configuration\nvulfy automation init --with-examples\n\n# Validate configuration\nvulfy automation validate\n\n# Run manual scan using automation config\nvulfy automation run\n\n# Start continuous monitoring\nvulfy automation start --foreground\n```\n\n### Example Configuration\n\n```toml\n# Monitor multiple repositories\n[[repositories]]\nname = \"my-web-app\"\nurl = \"https://github.com/user/my-web-app.git\"\nbranches = [\"main\", \"develop\"]\necosystems = [\"npm\", \"pypi\"]\n\n[repositories.credentials]\nusername = \"git\"\ntoken = \"your_github_token_here\"\n\n# Schedule daily scans at 2:00 AM UTC\n[schedule]\nfrequency = \"daily\"\ntime = \"02:00\"\ntimezone = \"UTC\"\n\n# Discord webhook notifications\n[[notifications.webhooks]]\nname = \"Security Alerts\"\nurl = \"https://discord.com/api/webhooks/...\"\nwebhook_type = \"discord\"\nenabled = true\n\n# Advanced security policies\n[[policies]]\nname = \"Critical Authentication Issues\"\nenabled = true\n\n[policies.conditions]\ntitle_contains = [\"authentication\", \"auth\", \"bypass\"]\nseverity = [\"high\", \"critical\"]\n\n[policies.actions]\nnotify = true\npriority = \"critical\"\ncustom_message = \"🚨 Critical auth vulnerability detected!\"\n```\n\n**[📖 Complete Automation Guide](docs/user-guide/automation-overview.md)** - Detailed setup and configuration\n\n---\n\n## 🛠️ Usage \u0026 Configuration\n\n### Command Line Options\n\n```bash\nvulfy scan packages [OPTIONS]\n\nOPTIONS:\n -p, --path \u003cPATH\u003e Directory to scan [default: current directory]\n -f, --format \u003cFORMAT\u003e Output format: table, json, csv, summary, sarif\n -o, --output \u003cFILE\u003e Save results to file\n -e, --ecosystems \u003cLIST\u003e Only scan specific ecosystems (comma-separated)\n -q, --quiet Suppress progress output\n --high-only Show only high/critical severity vulnerabilities\n --no-recursive Don't scan subdirectories\n --no-dev-deps Skip development dependencies\n```\n\n### Project Configuration\n\nCreate `.vulfy.toml` in your project root:\n\n```toml\n[scan]\necosystems = [\"npm\", \"pypi\", \"crates.io\"]\nmin_severity = \"medium\"\nskip_dev_deps = true\nignore_paths = [\"node_modules\", \"vendor\", \".git\"]\n\n[output]\nformat = \"table\"\ncolor = \"auto\"\n\n[api]\ntimeout = 30\nmax_concurrent = 10\nretry_attempts = 3\n```\n\n**[📖 Full Configuration Reference](docs/api-reference/configuration-schema.md)** - Complete schema documentation\n\n---\n\n## 🚀 Roadmap\n\n### ✅ Recently Added\n- 🤖 **Complete Automation System** - Git repository monitoring with scheduling\n- 🔔 **Multi-Platform Notifications** - Discord, Slack, and webhook integrations\n- 📋 **Advanced Policy Engine** - Custom vulnerability filtering and security policies\n- 🆕 **3 New Ecosystems** - C/C++, PHP, and .NET support\n\n### 🔄 Coming Soon\n- 🔧 **Fix Mode** - Automatically update vulnerable packages to safe versions\n- 📈 **Trend Analysis** - Track vulnerability trends over time\n- ⚡ **Watch Mode** - Real-time monitoring for new vulnerabilities\n- 💾 **Database Storage** - Historical scan data and analytics\n\n### 🔮 Future Plans\n- 🐳 **Container Scanning** - Docker image vulnerability detection\n- 🌐 **Web Dashboard** - Centralized security monitoring interface\n- 🔌 **Plugin System** - Extensible architecture for custom integrations\n\n**Have feature requests?** [Open an issue](https://github.com/mindPatch/vulfy/issues/new) and let's discuss!\n\n---\n\n## 🏗️ Architecture \u0026 Performance\n\nVulfy is built with performance and reliability as core principles:\n\n- **⚡ Async-First Design** - Built on Tokio for maximum concurrency\n- **🔧 Strategy Pattern** - Pluggable parsers for different package managers \n- **🚦 Rate Limiting** - Respectful API usage with configurable limits\n- **💾 Memory Efficient** - Streaming parsers for large projects\n- **🛡️ Error Resilient** - Graceful handling of network and parsing errors\n- **🔍 Semantic Versioning** - Proper version comparison using semver crate\n\n**[📖 Architecture Deep Dive](docs/developer-guide/architecture.md)** - Technical implementation details\n\n---\n\n## 🤝 Contributing\n\nWe welcome contributions! Whether it's bug fixes, new features, or ecosystem support.\n\n### Quick Start\n```bash\ngit clone https://github.com/mindPatch/vulfy.git\ncd vulfy\ncargo build\ncargo test\n```\n\n### Contribution Guidelines\n- Follow Rust best practices and run `cargo clippy`\n- Add tests for new features\n- Update documentation for user-facing changes\n- Keep commit messages clear and descriptive\n\n**[📖 Contributing Guide](docs/developer-guide/contributing.md)** - Detailed contribution instructions\n\n---\n\n## 🆘 Support \u0026 Community\n\n### Getting Help\n- **🐛 Bug Reports**: [Create an issue](https://github.com/mindPatch/vulfy/issues/new?template=bug_report.md)\n- **💡 Feature Requests**: [Start a discussion](https://github.com/mindPatch/vulfy/discussions/new?category=ideas)\n- **❓ Questions**: [GitHub Discussions](https://github.com/mindPatch/vulfy/discussions)\n- **📖 Documentation**: [Complete docs](docs/README.md)\n\n### Quick Troubleshooting\n- **\"No package files found\"** - Ensure you're in a project directory with supported package files\n- **\"Network connection failed\"** - Check internet connectivity; Vulfy needs access to OSV.dev API\n- **\"Permission denied\"** - Make sure `vulfy` binary is executable: `chmod +x vulfy`\n\n---\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🙏 Acknowledgments\n\n- **[OSV.dev](https://osv.dev/)** - Comprehensive vulnerability database\n- **Rust Community** - Amazing crates and tooling ecosystem\n- **Contributors** - Everyone who makes Vulfy better\n\n---\n\n\u003cdiv align=\"center\"\u003e\n \u003cstrong\u003eMade with ❤️ and ☕ by mindpatch\u003c/strong\u003e\n \u003cbr\u003e\u003cbr\u003e\n \u003ca href=\"https://github.com/mindPatch/vulfy\"\u003e⭐ Star us on GitHub\u003c/a\u003e |\n \u003ca href=\"https://github.com/mindPatch/vulfy/issues\"\u003e🐛 Report Issues\u003c/a\u003e |\n \u003ca href=\"https://github.com/mindPatch/vulfy/discussions\"\u003e💬 Discussions\u003c/a\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmindpatch%2Fvulfy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmindpatch%2Fvulfy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmindpatch%2Fvulfy/lists"}