DepSentry is a lightweight web interface for exploring security vulnerabilities. The project is built around a simple flow: enter a CVE ID, fetch the vulnerability details live, and present the affected packages, vulnerable version ranges, aliases, advisory links, and severity context without making the user jump between multiple tools.
The README positions OSV.dev as the primary source of truth, with deps.dev layered in for enrichment such as CVSS scores and advisory links. That makes the project useful both as a small product surface and as an exercise in combining multiple upstream data sources into one clearer interface.
What it does
- accepts CVE lookups directly in the UI
- fetches live vulnerability details from OSV.dev
- enriches results with deps.dev when available
- degrades gracefully if the enrichment layer is unavailable
- runs as a small full-stack app with frontend, API, and Redis cache
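The lookup-and-enrich flow in the list above, sketched as an added example that is not DepSentry's own code. It assumes the OSV schema field names (`aliases`, `affected`, `ranges`, `events`, `references`, `severity`); the `enrich` callable, its `cvss_score` key and the sample record are hypothetical and constructed for illustration.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Constructed record in the OSV schema shape; the IDs and URLs are placeholders.
SAMPLE_OSV = {
    "id": "GHSA-xxxx-xxxx-xxxx", "aliases": ["CVE-2099-0001"],
    "severity": [{"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],
    "affected": [{"package": {"ecosystem": "PyPI", "name": "examplepkg"},
                  "ranges": [{"type": "ECOSYSTEM", "events": [
                      {"introduced": "0"}, {"fixed": "1.2.3"},
                      {"introduced": "2.0.0"}, {"fixed": "2.0.5"}]}]}],
    "references": [{"type": "ADVISORY", "url": "https://example.invalid/advisory"},
                   {"type": "WEB", "url": "https://example.invalid/post"}],
}

def normalize_cve(raw):
    """Validate user input before it is placed in any upstream request."""
    cve = raw.strip().upper()
    if not CVE_RE.fullmatch(cve):
        raise ValueError(f"not a CVE ID: {raw!r}")
    return cve

def version_ranges(events):
    """Pair introduced/fixed events; fixed is None while no fix is recorded."""
    out, start = [], None
    for ev in events:
        if "introduced" in ev:
            start = ev["introduced"]
        elif "fixed" in ev and start is not None:
            out.append((start, ev["fixed"]))
            start = None
    return out + ([(start, None)] if start is not None else [])

def summarize(osv, enrich=None):
    """Build the display summary from OSV; enrichment failure is non-fatal."""
    summary = {
        "id": osv["id"], "aliases": osv.get("aliases", []), "cvss_score": None, "enriched": False,
        "packages": [{**a.get("package", {}), "ranges": [
            r for rng in a.get("ranges", []) for r in version_ranges(rng.get("events", []))]}
            for a in osv.get("affected", [])],
        "advisories": [r["url"] for r in osv.get("references", []) if r.get("type") == "ADVISORY"],
        "cvss_vector": next((s["score"] for s in osv.get("severity", [])
                             if s.get("type") == "CVSS_V3"), None),
    }
    try:
        if enrich is not None:  # hypothetical callable standing in for the deps.dev lookup
            summary.update(cvss_score=enrich(osv["id"]).get("cvss_score"), enriched=True)
    except (OSError, ValueError):
        pass  # enrichment unavailable: return the OSV-only summary
    return summary
```

The `enriched` flag lets the UI show that the numeric score is missing because the enrichment source was unreachable, rather than presenting an absent score as "no severity".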
Stack
The project is split into a React frontend built with Vite and a Python FastAPI backend, with Redis used for caching. The README also outlines a Docker Compose setup for local development and a deployment path using Railway for the backend plus Redis, with Vercel for the frontend.
What makes DepSentry compelling is its restraint. It does one useful job, keeps the surface area small, and turns public vulnerability APIs into something faster to read and act on.