dpndncY
Use cases
One engine.
Eight situations it handles natively.

Each scenario is a different recipe across the same engines — not a separate product to license, install, or monitor.

Zero-day response

The advisory drops at 03:00 UTC. Re-scan every monitored project; auto-fix PRs land in a single batch with breaking-change analysis; the Dependency Firewall rejects any new install of the vulnerable version while PRs are reviewed.

Detection + Remediation + Prevention

CI/CD pipeline trust

Drop the runtime agent into your pipeline. Every connect, exec, file open, and DNS lookup is captured at kernel level, correlated to its workflow step, policy-evaluated, and emitted as a DSSE-signed in-toto Statement.

GitHub Action · K8s DaemonSet · systemd

SBOM & compliance evidence

CycloneDX 1.5 + SPDX SBOM per scan with diff-from-last-known. A signed attestation bundle (firewall decisions + scan evidence + runtime trace) ships to your customer or auditor as portable proof.

CycloneDX · SPDX · Signed bundle

AI code risk

The AI-risk module attributes likely-AI-generated regions (multi-signal: explicit markers + structural deviation + commit-burst) and amplifies any security finding that overlaps high-AI regions.

Git signal · LOC weighting

Open-source supply chain

Multi-signal install-time decisioning: KEV + EPSS + ExploitDB + reachability + attack-path + license + trust score. Trust-delta gating catches typosquats and takeovers that absolute thresholds miss.

Trust-delta · Signed waiver bypass

Air-gapped deployment

Run the platform in a fully isolated network — no internet, no telemetry, no remote callbacks. Advisory data is loaded via offline bundles; the verifier needs nothing but the public key.

On-premise · Offline bundles · Public-key verify

Container image attestation

Per-layer SBOM via OCI tarball parser, vulnerability correlation across 9 in-image ecosystems, base-image upgrade guidance. Signed attestation per image build.

OCI · 9 layer ecosystems

Continuous monitoring + regression

Per-scan trend snapshots with full risk vector. Risk-over-time per project, ecosystem, severity, and finding type. The review meeting starts with what changed since last week.

Risk delta · Per-scan snapshots

Whichever situation you’re in,
the same evidence comes out.