OSPulse

Open-source dependency health.
Evidence first. Always.

OSPulse continuously analyses your repositories, packages, and dependency tree — surfacing risk that matters, with the evidence to back every claim.

How OSPulse works

01 Connect

Install the GitHub App or connect GitLab / Azure DevOps / Bitbucket. Select repositories in minutes.

02 Scan

OSPulse parses manifests, lock files, SBOMs, and container images, and resolves your full dependency tree.

03 Score

Every package receives a health score (0–100) across 10 dimensions, with a confidence rating and an evidence trail.

04 Act

Alerts in Slack, Teams, email. CI/CD gates on pull requests. Jira tickets. AI-generated remediation guidance.

A 0–100 score for every dependency. Full evidence for every score.

OSPulse calculates a health score across 10 weighted dimensions. The weights are configurable per tenant policy. Every score ships with a confidence rating — when evidence is missing, the score is flagged as uncertain, not silently assumed safe.

Risk levels map to: Minimal (90–100), Low (75–89), Medium (55–74), High (35–54), Critical (0–34).

Default dimension weights:

Maintainer health: 20%
Repository activity: 15%
Release cadence: 15%
Issue responsiveness: 10%
PR responsiveness: 10%
Vulnerability exposure: 10%
Licence risk: 5%
Provenance & supply chain: 5%
Popularity & resilience: 5%
Org blast radius: 5%
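The scoring model described above, as an added illustration that is not OSPulse's own code: a weighted 0–100 score over the ten published dimensions, a confidence rating derived from how much of the total weight is actually backed by evidence, and the five risk bands. The key behaviour it demonstrates is the "not silently assumed safe" rule: a dimension with no evidence is dropped from the weighted average rather than scored as healthy, and its weight is what lowers confidence. The dimension names, the per-tenant `min_confidence` threshold, the scoring of a zero-evidence package as 0, and the sample sub-scores are all assumptions made for this example.

```python
"""Illustrative weighted health score with an explicit confidence rating.

Hypothetical example, not OSPulse's implementation. The weights and risk
bands are the ones published on the page; everything else is assumed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Default dimension weights in percent, as listed on the page. Assumed to be
# the per-tenant policy defaults that a tenant may override.
DEFAULT_WEIGHTS: Dict[str, int] = {
    "maintainer_health": 20,
    "repository_activity": 15,
    "release_cadence": 15,
    "issue_responsiveness": 10,
    "pr_responsiveness": 10,
    "vulnerability_exposure": 10,
    "licence_risk": 5,
    "provenance_supply_chain": 5,
    "popularity_resilience": 5,
    "org_blast_radius": 5,
}

# Risk bands from the page: inclusive lower bound of each band and its label.
RISK_BANDS = ((90, "Minimal"), (75, "Low"), (55, "Medium"), (35, "High"), (0, "Critical"))


@dataclass(frozen=True)
class HealthResult:
    score: int                 # 0-100 weighted health score
    confidence: float          # share of total weight backed by evidence (0.0-1.0)
    uncertain: bool            # True when confidence is below the tenant threshold
    risk_level: str            # band label for the score
    missing: Tuple[str, ...]   # dimensions that had no evidence


def risk_level(score: int) -> str:
    """Map a 0-100 score to the page's five risk bands."""
    for lower, label in RISK_BANDS:
        if score >= lower:
            return label
    raise ValueError(f"score out of range: {score}")


def health_score(
    dimensions: Dict[str, Optional[int]],
    weights: Dict[str, int] = DEFAULT_WEIGHTS,
    min_confidence: float = 0.8,  # assumed per-tenant setting
) -> HealthResult:
    """Weighted 0-100 score plus a confidence rating.

    `dimensions` maps each weighted dimension to a 0-100 sub-score, or None
    when no evidence could be collected. Missing dimensions are excluded from
    the weighted average (never treated as 100 / "safe"); their weight is what
    lowers the confidence rating and, below `min_confidence`, flags the result.
    """
    if sum(weights.values()) != 100:
        raise ValueError("dimension weights must sum to 100")
    unknown = set(dimensions) - set(weights)
    if unknown:
        raise ValueError(f"unweighted dimensions: {sorted(unknown)}")

    weighted_sum = 0
    evidence_weight = 0
    missing = []
    for name, weight in weights.items():
        value = dimensions.get(name)
        if value is None:
            missing.append(name)
            continue
        if not 0 <= value <= 100:
            raise ValueError(f"{name}: sub-score {value} outside 0-100")
        weighted_sum += value * weight
        evidence_weight += weight

    confidence = evidence_weight / 100
    if evidence_weight == 0:
        # No evidence at all: assumed choice here is to report the floor with
        # confidence 0.0 rather than an assumed-safe default.
        score = 0
    else:
        score = int(round(weighted_sum / evidence_weight))
    return HealthResult(score, confidence, confidence < min_confidence,
                        risk_level(score), tuple(missing))


# Constructed sample sub-scores for one package (not real data).
SAMPLE_FULL: Dict[str, Optional[int]] = {
    "maintainer_health": 80, "repository_activity": 60, "release_cadence": 70,
    "issue_responsiveness": 50, "pr_responsiveness": 40, "vulnerability_exposure": 90,
    "licence_risk": 90, "provenance_supply_chain": 30, "popularity_resilience": 70,
    "org_blast_radius": 60,
}
# Same package with two dimensions lacking evidence (25% of total weight).
SAMPLE_MISSING: Dict[str, Optional[int]] = {
    **SAMPLE_FULL, "maintainer_health": None, "provenance_supply_chain": None,
}

if __name__ == "__main__":
    print(health_score(SAMPLE_FULL))     # score 66, confidence 1.0, Medium
    print(health_score(SAMPLE_MISSING))  # score 65, confidence 0.75, uncertain
```

With the two dimensions missing, the score barely moves (66 to 65) but the confidence rating drops to 0.75 and the result is flagged uncertain, which is the signal a reviewer should act on before trusting the number.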

Scans every manifest you have

From package.json to Dockerfile to Terraform lock files.

package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, bun.lockb, .csproj, packages.config, packages.lock.json, requirements.txt, pyproject.toml, poetry.lock, Pipfile.lock, pom.xml, build.gradle, build.gradle.kts, go.mod, go.sum, Cargo.toml, Cargo.lock, Gemfile, Gemfile.lock, composer.json, composer.lock, Dockerfile, docker-compose.yml, Terraform .lock.hcl, GitHub Actions workflows

Ready to scan your first repository?

Setup takes under 10 minutes. First scan results in under 5.