Dependency Security Scanning Core Concepts | GeekWala

Understanding GeekWala Fundamentals

Understanding the fundamental building blocks of GeekWala

🎯 What is GeekWala?

GeekWala is a comprehensive security scanning platform that checks your software dependencies for known vulnerabilities. It integrates with multiple package ecosystems and sends email alerts when scans find security issues.

🔍 Scheduled Scanning

Set up daily, weekly, or monthly scans against the OSV vulnerability database.

🚨 Scan Alerts

Get email notifications when scans find vulnerabilities in your projects.

📊 Actionable Insights

Detailed vulnerability reports with upgrade recommendations.

📁 Projects

A Project is a collection of dependencies that you want to monitor for security vulnerabilities. Think of it as a folder containing all the packages used by a specific application or service.

📝 Project Examples

  • "Production Web App" - Frontend and backend dependencies for your main application
  • "Mobile API" - Dependencies used by your mobile app's REST API
  • "Data Pipeline" - Python packages used in your analytics pipeline
  • "Legacy System" - Dependencies for a legacy application that needs monitoring

Project Properties

| Property | Description | Example |
|---|---|---|
| Name | Human-readable identifier | "My Web App" |
| Description | Optional detailed description | "Production React app with Node.js API" |
| Package Count | Number of tracked dependencies | 47 packages |
| Schedule | Automated scan frequency (Pro only) | Daily at 6:00 AM UTC |

📦 Dependencies (Project Items)

Dependencies are the individual packages, libraries, or modules that your project tracks. Each dependency belongs to a specific ecosystem and has version information.

Supported Ecosystems

JavaScript/Node.js

Ecosystem: npm
File: package.json
Example: lodash@^4.17.21

Python

Ecosystem: PyPI
File: requirements.txt
Example: requests>=2.25.0

PHP

Ecosystem: Packagist
File: composer.json
Example: guzzlehttp/guzzle:^7.0

Java

Ecosystem: Maven
File: pom.xml
Example: org.springframework:spring-core:5.3.21

Go

Ecosystem: Go
File: go.mod
Example: github.com/gin-gonic/gin v1.7.7

Rust

Ecosystem: crates.io
File: Cargo.toml
Example: serde = "1.0"

Ruby

Ecosystem: RubyGems
File: Gemfile.lock
Example: rails (7.0.3.1)

.NET

Ecosystem: NuGet
File: *.csproj
Example: Newtonsoft.Json 13.0.1

Version Constraints

You can specify version constraints to monitor specific ranges of package versions:

  • ^4.17.21 - Caret range (npm)
  • >=2.25.0 - Greater than or equal (PyPI)
  • ~>7.0 - Pessimistic constraint (Ruby)
  • 1.0.* - Wildcard constraint
  • 2.1.5 - Exact version

GeekWala scans exact versions. Version constraints are stored for context, but scans require a resolved version from a lockfile or a pinned entry.
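The pinned-versus-range rule above, applied to a constructed requirements.txt. This is an added example, not GeekWala's own parser: only `==` with a full version counts as resolved; ranges, wildcards and unpinned names are reported as needing a lockfile or pin.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample manifest (not from the page); mixes pinned and ranged entries.
REQUIREMENTS_TXT = """\
# constructed requirements.txt
requests>=2.25.0
urllib3==1.26.5
Django~=4.2
PyYAML==5.*
cryptography==41.0.3 ; python_version >= "3.8"
"""

# package name, then whatever version specifier follows it
SPEC_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")


@dataclass
class Requirement:
    name: str
    spec: str                 # raw specifier as written, e.g. ">=2.25.0"
    resolved: Optional[str]   # exact version if pinned, otherwise None


def resolve_exact(spec: str) -> Optional[str]:
    """Return the version only when the specifier pins exactly one release.
    '==1.2.3' resolves; '>=', '~=', and wildcard '==5.*' do not (\\w excludes '*')."""
    m = re.fullmatch(r"==(\d[\w.]*)", spec)
    return m.group(1) if m else None


def parse_requirements(text: str) -> List[Requirement]:
    reqs = []
    for raw in text.splitlines():
        # drop comments and environment markers, keep "name<spec>"
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = SPEC_RE.match(line) if line else None
        if not m:
            continue
        name, spec = m.group(1), m.group(2).replace(" ", "")
        reqs.append(Requirement(name, spec, resolve_exact(spec)))
    return reqs


def split_scannable(reqs: List[Requirement]) -> Tuple[List[Requirement], List[Requirement]]:
    """Entries with a resolved version can be scanned; the rest need a lockfile or a pin."""
    pinned = [r for r in reqs if r.resolved]
    unresolved = [r for r in reqs if not r.resolved]
    return pinned, unresolved
```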

🔍 Vulnerability Scans

A Scan is the process of checking your project's dependencies against the OSV (Open Source Vulnerabilities) database to identify known security issues.

How Scanning Works

  • Upload - Submit your dependency manifest
  • Parse - Extract packages & versions
  • Query OSV - Check vulnerability database
  • Enrich - Add EPSS & KEV data
  • Report - Prioritized results

From upload to actionable report in seconds—powered by real-time vulnerability intelligence.
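The Query OSV, Enrich and Report stages of the pipeline above as an added, runnable sketch (not GeekWala's code). It builds the request body for OSV's batch query endpoint, then ranks findings by KEV status and EPSS score; the OSV reply and the EPSS/KEV feeds are constructed stand-ins so it runs offline, and the vulnerability identifiers are placeholders, not real advisories.

```python
import json
from typing import Dict, List, Set, Tuple

Package = Tuple[str, str, str]  # (ecosystem, name, resolved version)

# Constructed sample of resolved dependencies, as a lockfile would give them.
RESOLVED: List[Package] = [
    ("PyPI", "urllib3", "1.26.5"),
    ("npm", "lodash", "4.17.21"),
]


def build_osv_querybatch(packages: List[Package]) -> dict:
    """Request body for OSV's POST /v1/querybatch: one query per exact package version."""
    return {"queries": [{"package": {"name": n, "ecosystem": e}, "version": v}
                        for e, n, v in packages]}


# Constructed stand-ins for the OSV reply (results align with the queries) and the
# EPSS / KEV feeds. IDs are placeholders; real replies carry OSV/GHSA/CVE identifiers.
OSV_REPLY = {"results": [
    {"vulns": [{"id": "EXAMPLE-VULN-A", "aliases": ["EXAMPLE-CVE-A"]},
               {"id": "EXAMPLE-VULN-B", "aliases": ["EXAMPLE-CVE-B"]}]},
    {},  # lodash@4.17.21: nothing reported
]}
EPSS: Dict[str, float] = {"EXAMPLE-CVE-A": 0.02, "EXAMPLE-CVE-B": 0.91}
KEV: Set[str] = {"EXAMPLE-CVE-A"}


def enrich_and_rank(packages: List[Package], reply: dict,
                    epss: Dict[str, float], kev: Set[str]) -> List[dict]:
    """Enrich stage: attach EPSS and KEV to each finding, then order for remediation."""
    findings = []
    for (eco, name, ver), result in zip(packages, reply["results"]):
        for vuln in result.get("vulns", []):
            ids = [vuln["id"], *vuln.get("aliases", [])]  # feeds are keyed by CVE alias
            findings.append({
                "package": f"{eco}:{name}@{ver}",
                "id": vuln["id"],
                "kev": any(i in kev for i in ids),                        # actively exploited
                "epss": max((epss.get(i, 0.0) for i in ids), default=0.0),  # exploit probability
            })
    # KEV entries first, then highest EPSS, then id so the order is stable
    findings.sort(key=lambda f: (not f["kev"], -f["epss"], f["id"]))
    return findings


if __name__ == "__main__":
    print(json.dumps(build_osv_querybatch(RESOLVED), indent=2))
    for finding in enrich_and_rank(RESOLVED, OSV_REPLY, EPSS, KEV):
        print(finding)
```

Note that a KEV entry outranks a higher EPSS score here: known active exploitation is treated as the stronger signal.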

Scan Types

🔘 Manual Scans

  • Triggered on-demand by you
  • Available on all plans (with limits)
  • Instant results when OSV is available
  • Perfect for one-time checks

⏰ Scheduled Scans

  • Automated daily/weekly/monthly scans
  • Pro plan feature only
  • Configurable timezone and time
  • Email alerts on new vulnerabilities

Scan Results

Each scan produces a detailed report showing:

📊 Summary Statistics

  • Total packages scanned
  • Number of vulnerabilities found
  • Severity breakdown (Critical, High, Medium, Low)
  • Scan duration and timestamp

🎯 Detailed Findings

  • Package-by-package vulnerability details
  • CVE/GHSA identifiers and links
  • Affected version ranges
  • Fix recommendations and upgrade paths
  • EPSS exploit prediction scores to prioritize remediation
  • CISA KEV status for actively exploited vulnerabilities

📈 Historical Comparison

  • New vulnerabilities since last scan
  • Resolved issues (upgraded packages)
  • Trend analysis over time
  • Export capabilities (CSV/JSON)

🗄️ OSV Database

The OSV (Open Source Vulnerabilities) database is a comprehensive, open-source vulnerability database that aggregates security advisories from multiple sources.

✅ Why OSV?

  • Maintained by Google and the open-source community
  • Aggregates data from GitHub Security Advisories, CVE, and ecosystem-specific databases
  • Standardized vulnerability format across all ecosystems
  • Frequently updated with newly disclosed vulnerabilities
  • Free and open API with no rate limits for basic usage

Coverage

OSV covers vulnerabilities across all major package ecosystems, ensuring comprehensive protection for your multi-language projects.

💰 Plans and Limits

Overview of Free and Pro tier capabilities. For detailed API rate limits, export options, and billing information, see the full plan comparison in FAQ.

🆓 Free Plan

Projects: 5
Total Packages: 200
Scans per Month: 50
Scan History: 30 days
Scheduled Scans: No
Email Alerts: No

⭐ Pro Plan

Projects: Unlimited
Total Packages: Unlimited
Scans per Month: Unlimited
Scan History: 1 year
Scheduled Scans: daily/weekly/monthly
Email Alerts: Yes

$12/month or $99/year (save 31%)

💡 Anonymous Usage: You can try GeekWala without an account! Visit the Vulnerability Scan page to scan up to 10 packages with a 500KB file size limit.