DepGuard
DepGuard is a web app (with an optional GitHub/GitLab app) that continuously audits and enforces dependency hygiene across many repos. It targets the boring, expensive failures teams keep repeating: unpatched CVEs, abandoned packages, license landmines, and "works on my machine" lockfile drift. It ingests manifests and lockfiles (npm, PyPI, Maven, NuGet, Go, Rust), builds a dependency graph, and evaluates policy-as-code rules such as "no GPL in prod," "no critical CVEs older than 7 days," and "pin transitive deps for services with on-call." Findings become actionable PRs with minimal diffs; it suggests safe upgrade paths and flags risky major bumps with a blast-radius score (how many packages and services sit downstream of the bump). It combines a traditional scanner with AI: deterministic scanning and policy evaluation decide pass/fail, and the model is used only for upgrade guidance, PR summaries, and remediation options, never to gate a policy decision. Expect slow sales cycles and heavy trust requirements, but real ROI when it prevents incidents.
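To make the policy-as-code idea concrete, here is an added example (not DepGuard's own code) of the core loop: build a graph from a flat package-lock.json v3 style "packages" map, then evaluate the three rules named above plus a blast-radius query. The lockfile, the advisory feed, the rule names, the fixed "today" date and the copyleft list are all constructed for illustration; a real implementation would parse full SPDX expressions and semver ranges rather than the flat "A OR B" and dotted-integer forms assumed here.

```python
"""Minimal policy-as-code evaluator over a dependency graph (illustrative, not DepGuard code)."""
from dataclasses import dataclass
from datetime import date

# Constructed package-lock.json v3 style "packages" map (path -> metadata).
LOCKFILE = {
    "": {"dependencies": {"web": "^1.0.0", "log": "^2.0.0"},
         "devDependencies": {"test-kit": "^3.0.0"}},
    "node_modules/web": {"version": "1.2.0", "license": "MIT",
                         "resolved": "https://registry.example/web-1.2.0.tgz",
                         "integrity": "sha512-aaa", "dependencies": {"parser": "^4.0.0"}},
    "node_modules/parser": {"version": "4.1.0", "license": "(MIT OR GPL-3.0-only)",
                            "resolved": "https://registry.example/parser-4.1.0.tgz",
                            "integrity": "sha512-bbb", "dependencies": {"tiny": "^0.1.0"}},
    "node_modules/tiny": {"version": "0.1.3", "license": "GPL-3.0-only",
                          "resolved": "https://registry.example/tiny-0.1.3.tgz"},  # no integrity
    "node_modules/log": {"version": "2.3.1", "license": "Apache-2.0",
                         "resolved": "https://registry.example/log-2.3.1.tgz",
                         "integrity": "sha512-ccc"},
    "node_modules/test-kit": {"version": "3.0.0", "license": "AGPL-3.0-only",
                              "resolved": "https://registry.example/test-kit-3.0.0.tgz",
                              "integrity": "sha512-ddd"},
}

# Constructed advisory feed: a package is affected when its version is below fixed_in.
ADVISORIES = [
    {"id": "ADV-0001", "package": "parser", "severity": "critical",
     "published": date(2024, 5, 1), "fixed_in": "4.2.0"},
    {"id": "ADV-0002", "package": "log", "severity": "high",
     "published": date(2024, 4, 1), "fixed_in": "2.4.0"},
    {"id": "ADV-0003", "package": "web", "severity": "critical",
     "published": date(2024, 5, 30), "fixed_in": "1.3.0"},  # inside the 7-day SLA
]
TODAY = date(2024, 6, 1)  # fixed so the example is deterministic
COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
            "AGPL-3.0-only", "AGPL-3.0-or-later"}


@dataclass(frozen=True)
class Violation:
    rule: str
    package: str
    detail: str


def parse_version(v):
    """Assumption: plain dotted integers; real code needs a semver parser."""
    return tuple(int(p) for p in v.split("."))


def build_graph(lock):
    """Return (nodes, edges, prod_roots, dev_roots) from a flat lockfile."""
    nodes, edges = {}, {}
    for path, meta in lock.items():
        if path == "":
            continue
        name = path.rsplit("node_modules/", 1)[1]
        nodes[name] = meta
        edges[name] = set(meta.get("dependencies", {}))
    root = lock[""]
    return nodes, edges, set(root.get("dependencies", {})), set(root.get("devDependencies", {}))


def reachable(edges, roots):
    seen, stack = set(), list(roots)
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(edges.get(n, ()))
    return seen


def blast_radius(lock, target):
    """Every package whose install changes if `target` is bumped (reverse reachability)."""
    _, edges, _, _ = build_graph(lock)
    rev = {}
    for src, dsts in edges.items():
        for d in dsts:
            rev.setdefault(d, set()).add(src)
    return sorted(reachable(rev, rev.get(target, set())))


def license_allowed(expr):
    """SPDX 'A OR B' is a choice: fine if any alternative is not copyleft.
    Assumption: flat expressions only; nested parentheses and AND are not handled."""
    alts = [a.strip() for a in expr.strip("()").split(" OR ")]
    return any(a not in COPYLEFT for a in alts)


def evaluate(lock, advisories, today, sla_days=7):
    nodes, edges, prod_roots, _ = build_graph(lock)
    prod = reachable(edges, prod_roots)  # anything not reachable from prod roots is dev-only
    out = []
    for name, meta in nodes.items():
        # Rule 1: no copyleft in prod. Unknown license fails closed; dev-only deps are exempt.
        lic = meta.get("license")
        if name in prod and (lic is None or not license_allowed(lic)):
            out.append(Violation("no-gpl-in-prod", name, lic or "license unknown"))
        # Rule 2: critical advisory with a fix available, still unpatched past the SLA.
        for adv in advisories:
            if adv["package"] == name and adv["severity"] == "critical" \
               and parse_version(meta["version"]) < parse_version(adv["fixed_in"]) \
               and (today - adv["published"]).days > sla_days:
                out.append(Violation("critical-cve-sla", name, f"{adv['id']} fixed in {adv['fixed_in']}"))
        # Rule 3: every package must be pinned to a resolved artifact with an integrity hash;
        # an entry missing either is the lockfile drift this rule exists to catch.
        if not meta.get("resolved") or not meta.get("integrity"):
            out.append(Violation("pin-transitives", name, "missing resolved/integrity"))
    return sorted(out, key=lambda v: (v.rule, v.package))


if __name__ == "__main__":
    for v in evaluate(LOCKFILE, ADVISORIES, TODAY):
        print(f"{v.rule:18} {v.package:10} {v.detail}")
    print("bumping tiny touches:", blast_radius(LOCKFILE, "tiny"))
```

Two design points worth noting: "in prod" is derived from reachability from the production roots rather than from a per-package flag, so a transitive copyleft dependency pulled in by a prod package is caught while the same license under a dev-only tool is not; and the license rule fails closed on a missing license, since an unknown license is the more common landmine than a declared one.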