Your First Dependency Scan
Run your first vulnerability scan in under 5 minutes
Quick Start Guide
From zero to your first scan in 60 seconds. Choose your preferred scanning method below.
Choose Your Scanning Method
Anonymous Scan (~30 sec)
Visit the Vulnerability Scan page and paste your dependency manifest directly—no account required.
Authenticated Scan
Sign up free to unlock persistent monitoring, unlimited scans, and projects.
Run Your First Scan (~1 min)
- Paste or upload your lock file or a manifest with pinned versions (package-lock.json, requirements.txt with ==, pom.xml, composer.lock, go.mod, Cargo.lock, Gemfile.lock, or packages.lock.json)
- Anonymous scans require exact package versions. Use lock files, or manifests whose versions are pinned (not version ranges such as ^1.0.0 or ~2.3.0); a range cannot be matched against the database.
- Click "Check for Vulnerabilities" to initiate a real-time scan against the OSV database
- View results instantly with severity classification (Critical, High, Medium, Low)
Take Action (~2 min)
- Free users: Save packages to a project for ongoing monitoring (up to 5 projects, 200 packages)
- Pro users: Enable automated scheduled scans (daily/weekly/monthly) with email alerts on new CVEs
- Export results as CSV or JSON for integration with your security workflow
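Before pasting a file, it is worth checking that every dependency is pinned and seeing what the scan will actually query. The script below is an added example, not GeekWala's own code: it classifies each dependency in a package-lock.json (lockfile v2/v3 "packages" layout), a package.json "dependencies" map, or a requirements.txt as scannable (exact version) or "Needs Version" (range or no version), flags the 10-package anonymous limit stated on this page, and builds the request body for OSV's batch query endpoint (POST https://api.osv.dev/v1/querybatch), the database the scan runs against. The sample inputs are constructed; nothing is sent over the network.

```python
"""Pre-flight check before pasting a manifest into an anonymous scan.

Added example, not GeekWala's own code. Handles npm lockfile v2/v3, a
package.json "dependencies" map and requirements.txt; sample inputs are
constructed for illustration.
"""
import json
import re

ANONYMOUS_MAX_PACKAGES = 10  # anonymous scan limit stated on this page

# An exact npm version is a bare semver triple (optional pre-release/build);
# anything else (^1.0.0, ~2.3.0, >=1.0.0, *, latest, x-ranges) is a range.
SEMVER_EXACT = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$")

# requirements.txt line: name, optional [extras], one comparison operator, version.
# "===" must precede "==" in the alternation, or "===1.0" would parse as "==" + "=1.0".
REQ_LINE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(===|==|~=|>=|<=|!=|>|<)\s*([^\s,;]+)"
)


def parse_npm(text):
    """Classify npm dependencies from package-lock.json (v2/v3) or package.json.

    Returns (pinned, unpinned) as lists of (ecosystem, name, version) tuples.
    """
    doc = json.loads(text)
    pinned, unpinned = [], []
    if "packages" in doc:
        # Lockfile v2/v3: keys are install paths; "" is the root project itself.
        entries = (
            (path.rsplit("node_modules/", 1)[-1], meta.get("version", ""))
            for path, meta in doc["packages"].items()
            if path != ""
        )
    else:
        # package.json (values are specifiers) or lockfile v1 (values are objects).
        entries = (
            (name, spec["version"] if isinstance(spec, dict) else spec)
            for name, spec in doc.get("dependencies", {}).items()
        )
    for name, version in entries:
        target = pinned if SEMVER_EXACT.match(version) else unpinned
        target.append(("npm", name, version))
    return pinned, unpinned


def parse_requirements(text):
    """Classify requirements.txt lines; only == and === count as pinned."""
    pinned, unpinned = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or -r/-e option line
            continue
        m = REQ_LINE.match(line)
        if not m:  # bare name with no version: nothing exact to scan
            unpinned.append(("PyPI", line, ""))
            continue
        name, op, version = m.groups()
        if op in ("==", "==="):
            pinned.append(("PyPI", name, version))
        else:
            unpinned.append(("PyPI", name, op + version))
    return pinned, unpinned


def osv_querybatch_body(pinned):
    """Body for POST https://api.osv.dev/v1/querybatch: one query per exact version."""
    return {
        "queries": [
            {"package": {"name": name, "ecosystem": eco}, "version": version}
            for eco, name, version in pinned
        ]
    }


def preflight(text, kind):
    """Run the check for kind 'npm' or 'pypi' and report what a scan would accept."""
    pinned, unpinned = parse_npm(text) if kind == "npm" else parse_requirements(text)
    return {
        "scannable": pinned,
        "needs_version": unpinned,
        "over_anonymous_limit": len(pinned) > ANONYMOUS_MAX_PACKAGES,
        "osv_request": osv_querybatch_body(pinned),
    }


# Constructed samples: a mixed package.json, a v3 lockfile, and a requirements file.
SAMPLE_PACKAGE_JSON = '{"dependencies": {"express": "4.18.2", "lodash": "^4.17.0", "axios": ">=1.0.0"}}'
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "dependencies": {"express": "^4.18.0"}},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/@types/node": {"version": "20.10.0"},
    },
})
SAMPLE_REQUIREMENTS = "# constructed sample\nDjango==4.2.7\nrequests[security]==2.31.0\npytest>=7.4\nnumpy\n"

if __name__ == "__main__":
    for label, text, kind in (
        ("package.json", SAMPLE_PACKAGE_JSON, "npm"),
        ("package-lock.json", SAMPLE_PACKAGE_LOCK, "npm"),
        ("requirements.txt", SAMPLE_REQUIREMENTS, "pypi"),
    ):
        report = preflight(text, kind)
        print(label, "scannable:", report["scannable"], "needs version:", report["needs_version"])
```

Run it against your own files by replacing the sample strings; anything listed under "needs version" is what the scan's Needs Version counter will show, and the lock file for that ecosystem is the fastest way to turn those into exact versions.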
Example: Pinned vs Unpinned Versions
Anonymous scans require exact versions. Here's what works and what doesn't:
package.json with exact versions:

```json
{
  "dependencies": {
    "express": "4.18.2",
    "lodash": "4.17.21",
    "axios": "1.6.0"
  }
}
```

✓ Works: every version is exact. A lock file such as package-lock.json, Gemfile.lock, or composer.lock works the same way, because it records the resolved version of each package.

package.json with version ranges:

```json
{
  "dependencies": {
    "express": "^4.18.0",
    "lodash": "~4.17.0",
    "axios": ">=1.0.0"
  }
}
```

✗ Fails: version ranges cannot be scanned without exact versions.

requirements.txt pinned with ==:

```text
Django==4.2.7
requests==2.31.0
pytest==7.4.3
```

✓ Works: == pins each package to a single version.

composer.lock entry:

```json
{
  "packages": [{
    "name": "symfony/console",
    "version": "v6.3.4"
  }]
}
```

✓ Works: the lock file carries the exact installed version.

Understanding Scan Results
Interpret vulnerability reports and prioritize remediation effectively.
Summary Dashboard
Each scan provides a high-level overview with four key metrics:
- Total: dependencies analyzed
- Affected: packages with at least one known vulnerability
- Secure: packages with no known CVEs
- Needs Version: packages submitted without an exact version; these cannot be matched against OSV until they are pinned
Vulnerability Details
Click any affected package to view:
- CVE identifiers (e.g., CVE-2024-1234) with CVSS severity scores
- Detailed vulnerability descriptions from OSV
- Affected version ranges and recommended fixes
- Reference links to advisories (GitHub Security, NVD, vendor advisories)
Change Tracking
Subsequent scans show:
- New vulnerabilities detected since the last scan
- Resolved vulnerabilities (packages updated or removed)
- Trend indicators to track your security posture over time
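The change-tracking view above is a diff between two scans. The script below is an added example, not GeekWala's code, showing that diff done by hand on exported results: each finding is keyed by (package, vulnerability id), new findings are listed highest CVSS first, resolved findings record why they went away (package removed, package updated, or advisory no longer reported), and a per-severity count gives the trend. The export layout is an assumption for illustration (a list of scanned packages, each with its version and its vulnerability ids and CVSS base scores), and the two scans are constructed samples with placeholder ids. The severity bands are the CVSS v3 qualitative ratings used by NVD.

```python
"""Change tracking across two scans: new findings, resolved findings (with the
reason), and the severity trend. Added example, not GeekWala's code; the export
layout and both scans below are constructed for illustration.
"""

# CVSS v3 qualitative rating bands (as used by NVD) for the four severity labels.
SEVERITY_BANDS = ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"))


def cvss_to_severity(score):
    """Map a CVSS base score to Critical/High/Medium/Low ('None' for 0.0)."""
    for floor, label in SEVERITY_BANDS:
        if score >= floor:
            return label
    return "None"


def _index(scan):
    """Key each finding by (package, vuln id); also record every package's version."""
    findings, versions = {}, {}
    for pkg in scan:
        versions[pkg["package"]] = pkg["version"]
        for vuln in pkg.get("vulns", []):
            findings[(pkg["package"], vuln["id"])] = {
                "package": pkg["package"], "version": pkg["version"], **vuln
            }
    return findings, versions


def _severity_counts(findings):
    """Number of findings per severity label."""
    counts = {}
    for f in findings.values():
        label = cvss_to_severity(f["cvss"])
        counts[label] = counts.get(label, 0) + 1
    return counts


def diff_scans(previous, current):
    """Compare two scan exports.

    A finding is resolved when it is absent from the current scan; the reason
    distinguishes a package that was removed, one that was updated, and one
    whose advisory is simply no longer reported at the same version.
    """
    prev_f, _ = _index(previous)
    cur_f, cur_versions = _index(current)
    # New findings first, highest CVSS first, so remediation starts at the top.
    new = sorted((f for k, f in cur_f.items() if k not in prev_f), key=lambda f: -f["cvss"])
    resolved = []
    for key, f in prev_f.items():
        if key in cur_f:
            continue
        pkg = f["package"]
        if pkg not in cur_versions:
            reason = "removed"
        elif cur_versions[pkg] != f["version"]:
            reason = "updated %s -> %s" % (f["version"], cur_versions[pkg])
        else:
            reason = "no longer reported"
        resolved.append({**f, "reason": reason})
    return {
        "new": new,
        "resolved": resolved,
        "trend": {"before": _severity_counts(prev_f), "after": _severity_counts(cur_f)},
    }


# Constructed samples; the vulnerability ids are placeholders, not real advisories.
PREVIOUS_SCAN = [
    {"package": "lodash", "version": "4.17.20", "vulns": [{"id": "GHSA-example-1", "cvss": 7.2}]},
    {"package": "axios", "version": "0.21.0", "vulns": [{"id": "GHSA-example-2", "cvss": 5.9}]},
    {"package": "minimist", "version": "1.2.5", "vulns": [{"id": "GHSA-example-3", "cvss": 9.8}]},
]
CURRENT_SCAN = [
    {"package": "lodash", "version": "4.17.21", "vulns": []},  # updated: finding resolved
    {"package": "minimist", "version": "1.2.5", "vulns": [{"id": "GHSA-example-3", "cvss": 9.8}]},
    {"package": "express", "version": "4.18.2", "vulns": [{"id": "GHSA-example-4", "cvss": 4.3}]},
]  # axios was dropped from the project entirely

if __name__ == "__main__":
    report = diff_scans(PREVIOUS_SCAN, CURRENT_SCAN)
    for f in report["new"]:
        print("NEW     ", cvss_to_severity(f["cvss"]), f["package"], f["version"], f["id"])
    for f in report["resolved"]:
        print("RESOLVED", f["package"], f["id"], "-", f["reason"])
    print("trend:", report["trend"])
```

Keying on (package, vulnerability id) rather than on the id alone matters when the same advisory affects two packages or two copies of one package: fixing one copy must not mark the other resolved.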
Supported Ecosystems
GeekWala scans dependencies from 8 package managers. The table lists each ecosystem's manifest file and the version syntax that file allows; a scan still needs exact versions, so upload the corresponding lock file or pin the versions in the manifest.
| Language | Manifest file | Ecosystem | Version format in manifest |
|---|---|---|---|
| JavaScript/Node.js | package.json | npm | Semantic versioning (^1.0.0, ~2.1.0) |
| Python | requirements.txt | PyPI | Operators (==, >=, <=, ~=) |
| PHP | composer.json | Packagist | Constraints (^, ~, >=) |
| Java | pom.xml | Maven Central | SNAPSHOT, RELEASE, pinned |
| Go | go.mod | Go modules | Semantic versioning, pseudo-versions |
| Rust | Cargo.toml | crates.io | Caret (^), tilde (~), exact |
| Ruby | Gemfile.lock | RubyGems | Locked exact versions |
| .NET | *.csproj | NuGet | Version ranges and exact |
Anonymous Scan Limitations
- Requires pinned versions (no version ranges)
- Maximum 10 packages per scan
- File size limited to 500KB
Authenticated Scan Benefits
- Exact versions are still required (use lock files or pin versions manually)
- Up to 500 packages per scan
- Unlimited packages in projects (Pro tier)
- File size limit up to 512KB