Dependency Analysis
werf
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
Freshness: 81%
Dependencies: 742
Outdated: 112
Stale: 0
Avg Behind: 30.3
Dependency List
Latest release v2.67.2
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
| github.com/docker/docker (golang) | Direct | v25.0.5+incompatible | — | — | 4 critical | Apache-2.0 |
| github.com/go-git/go-git/v5 (golang) | Direct | v5.12.0 | — | — | 6 critical | Apache-2.0 |
| google.golang.org/grpc (golang) | Transitive | v1.62.1 | — | — | 1 critical | Apache-2.0 |
| nokogiri (gem) | Direct | 1.15.5 | — | — | 9 critical | Unknown |
| minimatch (npm) | Transitive | 3.1.2 | 10.2.5 | 91 behind | 3 high | ISC |
| semver (npm) | Transitive | 6.3.0 | 7.8.1 | 38 behind | 1 high | ISC |
| picomatch (npm) | Transitive | 2.3.1 | 4.0.4 | 9 behind | 2 high | MIT |
| cross-spawn (npm) | Transitive | 7.0.3 | 7.0.6 | 3 behind | 1 high | MIT |
| braces (npm) | Transitive | 3.0.2 | 3.0.3 | 1 behind | 1 high | MIT |
| addressable (gem) | Direct | 2.8.0 | — | — | 1 high | Apache-2.0 |
| flatted (npm) | Transitive | 3.2.6 | — | — | 2 high | ISC |
| github.com/containerd/containerd (golang) | Direct | v1.7.14 | — | — | 3 high | Apache-2.0 |
| github.com/containers/image/v5 (golang) | Direct | v5.30.0 | — | — | 1 high | Apache-2.0 |
| github.com/docker/cli (golang) | Direct | v25.0.5+incompatible | — | — | 1 high | Apache-2.0 |
| github.com/go-jose/go-jose/v3 (golang) | Transitive | v3.0.3 | — | — | 2 high | Apache-2.0 |
| github.com/moby/buildkit (golang) | Direct | v0.13.1 | — | — | 2 high | Apache-2.0 |
| github.com/moby/spdystream (golang) | Transitive | v0.2.0 | — | — | 1 high | Apache-2.0 |
| github.com/opencontainers/runc (golang) | Transitive | v1.1.12 | — | — | 4 high | Apache-2.0 |
| github.com/opencontainers/selinux (golang) | Transitive | v1.11.0 | — | — | 1 high | Apache-2.0 |
| github.com/sigstore/fulcio (golang) | Transitive | v1.4.4 | — | — | 2 high | Apache-2.0 |
| github.com/sirupsen/logrus (golang) | Direct | 1.8.0 | — | — | 1 high | MIT |
| go.opentelemetry.io/otel/sdk (golang) | Direct | v1.24.0 | — | — | 2 high | Apache-2.0 |
| golang.org/x/oauth2 (golang) | Transitive | v0.18.0 | — | — | 1 high | BSD-3-Clause |
| google-protobuf (gem) | Direct | 3.25.2 | — | — | 1 high | BSD-3-Clause |
| rack (gem) | Direct | 3.0.8 | — | — | 23 high | MIT |
| webrick (gem) | Direct | 1.8.1 | — | — | 2 high | BSD-2-Clause OR (BSD-2-Clause AND Ruby) |
| @babel/runtime (npm) | Transitive | 7.18.9 | 7.29.7 | 87 behind | 1 medium | MIT |
| ajv (npm) | Transitive | 6.12.6 | 8.20.0 | 67 behind | 1 medium | MIT |
| brace-expansion (npm) | Transitive | 1.1.11 | 5.0.6 | 18 behind | 2 medium | MIT |
| js-yaml (npm) | Transitive | 4.1.0 | 4.2.0 | 3 behind | 1 medium | MIT |
| micromatch (npm) | Transitive | 4.0.5 | 4.0.8 | 3 behind | 1 medium | MIT |
| @babel/runtime-corejs3 (npm) | Transitive | 7.18.9 | — | — | 1 medium | MIT |
| @octokit/endpoint (npm) | Transitive | 10.1.1 | — | — | 1 medium | MIT |
| @octokit/plugin-paginate-rest (npm) | Transitive | 2.21.3 | — | — | 1 medium | MIT |
| @octokit/request (npm) | Transitive | 9.1.1 | — | — | 1 medium | MIT |
| @octokit/request-error (npm) | Transitive | 2.1.0 | — | — | 1 medium | MIT |
| activesupport (gem) | Direct | 6.1.7.6 | — | — | 3 medium | MIT |
| aws-sdk-s3 (gem) | Direct | 1.103.0 | — | — | 1 medium | Apache-2.0 |
| github.com/containers/common (golang) | Direct | v0.58.1 | — | — | 1 medium | Apache-2.0 |
| github.com/sigstore/rekor (golang) | Transitive | v1.3.5 | — | — | 2 medium | Apache-2.0 |
| github.com/sigstore/sigstore (golang) | Transitive | v1.8.2 | — | — | 1 medium | Apache-2.0 |
| github.com/ulikunitz/xz (golang) | Transitive | v0.5.11 | — | — | 1 medium | BSD-3-Clause |
| go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp (golang) | Transitive | v0.44.0 | — | — | 1 medium | Apache-2.0 |
| go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp (golang) | Direct | v1.24.0 | — | — | 1 medium | Apache-2.0 |
| golang.org/x/crypto (golang) | Direct | v0.41.0 | — | — | 3 medium | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
| github.com/cloudflare/circl (golang) | Transitive | v1.3.7 | — | — | 2 low | BSD-3-Clause |
| rexml (gem) | Direct | 3.3.9 | — | — | 1 low | BSD-2-Clause |
| golang.org/x/net (golang) | Direct | v0.43.0 | — | — | 3 unknown | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |

License Breakdown
| License | Count |
|---|---|
| MIT | 368 |
| Apache-2.0 | 198 |
| BSD-3-Clause | 46 |
| Unknown | 39 |
| ISC | 20 |
| BSD-2-Clause | 19 |
| BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang | 12 |
| MPL-2.0 | 9 |
| BSD-3-Clause AND MIT | 5 |
| Apache-2.0 AND BSD-2-Clause | 2 |
| Apache-2.0 AND BSD-3-Clause | 2 |
| Apache-2.0 AND BSD-3-Clause AND MIT | 2 |
| Apache-2.0 AND CC-BY-SA-4.0 | 2 |
| Apache-2.0 AND MIT | 2 |
| BSD-2-Clause OR (BSD-2-Clause AND Ruby) | 2 |
| BSD-2-Clause AND BSD-2-Clause-Views | 1 |
| BSD-2-Clause AND ISC | 1 |
| BSD-2-Clause-Views | 1 |
| CC0-1.0 | 1 |
| CC0-1.0 AND MIT | 1 |
| ISC AND MIT | 1 |
| LicenseRef-scancode-unknown-license-reference AND MIT | 1 |
| MIT OR BSD-2-Clause | 1 |
| MPL-1.0 AND MPL-2.0 | 1 |
| Python-2.0 | 1 |
| Ruby OR (BSD-2-Clause AND Ruby) | 1 |
| Ruby OR (GPL-2.0 AND GPL-2.0-only) OR (GPL-2.0 AND Ruby) OR (GPL-2.0-only AND Ruby) | 1 |
| Unlicense | 1 |

CVE Severity
| Severity | Count |
|---|---|
| critical | 4 |
| high | 22 |
| medium | 19 |
| low | 2 |
| unknown | 1 |