Dev Tools · 1h ago
VigilOps CLI cuts through dependency CVE noise with reachability analysis
VigilOps is a free, open-source Node.js CLI that scans dependencies for CVEs using OSV.dev and filters out unreachable vulnerabilities via static call graph analysis. It auto-opens GitHub PRs with fixes for reachable issues. Endor Labs' 2024 report found fewer than 9.5% of dependency vulnerabilities are reachable in typical codebases.
Meridian48 take
Reachability analysis is a smart filter for alert fatigue, but static analysis may miss dynamic require patterns, so it's a tradeoff worth noting.
dependency-securitycli-tool