RepoRadar

RepoRadar is a web app (with optional GitHub/GitLab integrations) that continuously scans your repositories for dependency and supply-chain risk and turns the noise into a short, prioritized fix list. Instead of dumping hundreds of CVEs, it scores each issue by exploitability, by whether the affected package is actually in your runtime path (as opposed to a dev or test dependency), and by whether a safe upgrade exists. It also flags “silent” risks that a CVE feed will not show: abandoned packages, typosquatting lookalikes, and suspicious maintainer changes. The product is scoped for small teams: it focuses on actionable remediation and lightweight workflows (PR suggestions, owner assignment, and a weekly digest) rather than enterprise compliance theater. It combines traditional and AI components: conventional scanners produce the raw findings, while an AI layer summarizes impact, suggests upgrade paths, and drafts PR descriptions. Pricing can start per-repo for startups and scale to per-seat for teams.
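To make the prioritization idea concrete, here is an added example (not RepoRadar code, and not from the page's author) of a small scorer over constructed findings. The weights, the two-year abandonment threshold, the `POPULAR_PACKAGES` list used for lookalike detection, and the package names, versions and advisory ids (`EXAMPLE-0001` and so on) are all assumptions made for the example; an exploitability value would in practice come from an exploit-likelihood feed, and runtime reachability from the project's own dependency graph.

```python
"""Toy prioritizer for dependency findings: scores by exploitability,
runtime reachability, fix availability, abandonment and lookalike names."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import difflib

# Assumed list of well-known names, used only for lookalike detection.
POPULAR_PACKAGES = ["requests", "urllib3", "numpy", "pyyaml", "cryptography"]

ABANDONED_AFTER_DAYS = 730   # assumed threshold: no release in two years


@dataclass
class Finding:
    package: str
    version: str
    vuln_id: Optional[str]      # advisory id, or None for a non-CVE "silent" risk
    exploitability: float       # 0..1, assumed to come from an exploit-likelihood feed
    in_runtime_path: bool       # False for dev/test-only dependencies
    fix_version: Optional[str]  # patched release if one exists
    last_release_days: int      # days since the package's most recent release


def typosquat_candidate(name: str, popular=POPULAR_PACKAGES,
                        cutoff: float = 0.85) -> Optional[str]:
    """Return the popular package `name` resembles, or None.

    An exact match is a legitimate dependency, not a lookalike. The ratio is
    difflib's 2*matches/total_length, so one edited character in an
    eight-letter name still scores about 0.87."""
    if name in popular:
        return None
    for p in popular:
        if difflib.SequenceMatcher(None, name, p).ratio() >= cutoff:
            return p
    return None


def explain(f: Finding) -> List[str]:
    """Human-readable reasons behind the score (what a digest would show)."""
    reasons = []
    if f.vuln_id:
        reasons.append(f"{f.vuln_id} exploitability={f.exploitability:.2f}")
    reasons.append("runtime" if f.in_runtime_path else "dev/test only")
    if f.fix_version:
        reasons.append(f"safe upgrade to {f.fix_version}")
    if f.last_release_days > ABANDONED_AFTER_DAYS:
        reasons.append(f"abandoned: no release in {f.last_release_days} days")
    look = typosquat_candidate(f.package)
    if look:
        reasons.append(f"lookalike of {look}")
    return reasons


def score(f: Finding) -> float:
    """Priority in 0..100; higher means fix first. Weights are assumptions."""
    s = 0.0
    if f.vuln_id:
        s += 50 * f.exploitability   # known bug, weighted by how likely it is exploited
    if f.in_runtime_path:
        s += 25                      # reachable in production
    else:
        s *= 0.5                     # dev/test only: halve the vulnerability weight
    if f.fix_version:
        s += 15                      # cheap to act on, so surface it
    if f.last_release_days > ABANDONED_AFTER_DAYS:
        s += 10                      # no fix is coming; plan a replacement
    if typosquat_candidate(f.package):
        s = 100.0                    # possible malicious package: jump the queue
    return round(min(s, 100.0), 1)


def prioritize(findings: List[Finding]) -> List[Tuple[float, str, List[str]]]:
    """Sort findings into the short fix list: (score, package, reasons)."""
    ranked = [(score(f), f.package, explain(f)) for f in findings]
    return sorted(ranked, key=lambda r: r[0], reverse=True)


# Constructed sample findings; package names, versions and advisory ids are fictional.
SAMPLE_FINDINGS = [
    Finding("acme-http", "1.4.0", "EXAMPLE-0001", 0.9, True, "1.4.2", 30),
    Finding("acme-testkit", "0.9.1", "EXAMPLE-0002", 0.8, False, "0.9.2", 10),
    Finding("acme-legacy-xml", "2.0.0", "EXAMPLE-0003", 0.3, True, None, 1500),
    Finding("requestz", "2.31.1", None, 0.0, True, None, 5),
]

if __name__ == "__main__":
    for s, pkg, why in prioritize(SAMPLE_FINDINGS):
        print(f"{s:5.1f}  {pkg:16s} {'; '.join(why)}")
```

Run as a script it lists the lookalike first, then the reachable exploitable bug with an available fix, then the abandoned runtime package with no patch, and last the dev-only dependency, which is the ordering the blurb describes: a CVE in a test-only tool is real but not urgent, while a package that merely resembles a popular name needs no CVE at all to be the most urgent item on the list.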
