dpndncY
Integrations

Fits into your existing workflow

Connect dpndncY to GitHub, GitLab, VS Code, Slack, your SSO provider, and any CI/CD pipeline — no workflow changes required.

GitHub & GitLab
GitHub
Source Control & Remediation
Connect your GitHub account to monitor repositories and automatically open remediation pull requests with patched dependency manifests.
Browse and import repositories for continuous monitoring
Auto-create remediation PRs targeting the default branch
Supports GitHub.com and self-hosted GitHub Enterprise
GHSA advisory enrichment via GitHub token
GitLab
Source Control & Remediation
Monitor GitLab projects and automatically create merge requests when vulnerabilities are detected and patches are available.
Import projects from GitLab for scheduled scanning
Auto-create remediation merge requests
Supports GitLab.com and self-hosted GitLab CE/EE
Authenticate per-project with personal access tokens
VS Code Extension
VS Code
IDE Extension
Get inline vulnerability warnings directly in your editor as you work on manifest files. Powered by your dpndncY server instance.
Inline diagnostics on package.json, requirements.txt, pom.xml, and more
Scan on save or on open — configurable debounce
Severity filter: show only High/Critical if needed
Connects via Personal API Token to your self-hosted server
Download the .vsix directly from your dpndncY instance
Slack, Teams & Webhooks
Slack & Microsoft Teams
Notifications
Receive vulnerability alerts in Slack or Teams via incoming webhook URLs — no app installation required on either side.
Per-project webhook URL in Monitoring settings
Alert fires when new vulnerabilities are detected between scans
Works with Discord, PagerDuty, or any JSON POST endpoint
Email Alerts
Notifications
Get email notifications when continuous monitoring detects new vulnerabilities in tracked projects. Configurable per project via SMTP.
Works with any SMTP provider — Gmail, Office 365, SendGrid
Per-project notification email address
Summary of new findings with severity and package details
SSO, CI/CD & API Access
SSO / OIDC
Enterprise Authentication
Connect any OpenID Connect-compatible identity provider for single sign-on. Users authenticate with their corporate identity.
Okta, Azure AD / Entra ID, Google Workspace, Keycloak, Auth0
PKCE flow with state and nonce validation
Auto-provisions users on first login
Configured via environment variables — no code changes
CI/CD & API
Automation
Use Personal API Tokens to authenticate from any CI/CD pipeline — GitHub Actions, GitLab CI, Jenkins, CircleCI, or custom scripts.
Generate long-lived tokens from the Profile page
Bearer token auth on all scan and export endpoints
Enforce policy gates: fail builds based on the PASS/FAIL verdict
Export SARIF, CycloneDX SBOM, and PDF reports via API
Four steps to connect any integration
1. Deploy dpndncY

Run the server on your own infrastructure. All scan data stays within your environment — nothing is sent to the cloud.

2. Generate a token

Create a Personal API Token from the Profile page. Use it in VS Code, CI pipelines, or to connect GitHub and GitLab.

3. Configure in settings

Set webhook URLs, notification emails, OIDC credentials, or SMTP details in the platform settings or via environment variables.

4. Scan & automate

Trigger scans manually, from VS Code, or on a schedule. Get alerts when risk changes between scans.

Plug in. Stay secure.

dpndncY fits into any stack — from solo developers to enterprise security teams.