The shortest path to understanding dpndncY is to walk through each operator surface in order. Read this if you’d rather get the geography first than the feature list.
Dashboard — the overview surface
Portfolio-level posture across every project, ecosystem, and engine. Trend snapshots, risk-over-time, currently-failing policy gates, recent firewall blocks. Single pane of glass without being a glorified findings table.
Dependency Firewall — pre-install enforcement
Configure rollout mode (observe / soak / enforce), version-pinning rules, license blocklist, ecosystem coverage. View the live decision log. Bypass routed through an approval workflow with audit trail.
Runtime Agent — kernel-level CI tracing
Connected runners, recent CI jobs, signed runtime traces. Drill into any job to see every connect / exec / file / DNS event correlated to the workflow step that caused it.
Findings — fused, ranked, decided
Every SCA, SAST, IaC, secret, container, attack-path finding in one ranked view. Click any finding to see the multi-signal stack that produced its decision and the policy version that was applied.
Remediation — auto-fix PRs
Open PRs across GitHub, GitLab, self-hosted. Track PR status, breaking-change analysis, merge state. Bulk fix dozens of findings in a single review.
Evidence — the signing root
Per-tenant signing keypair, attestation archive, offline verifier download. Hand the bundle to your auditor; verifier checks signatures with one binary and the public key alone.