Why choose Octotrack?

  1. No access to your code is requested. You can update your dependencies manually by uploading your Gemfile.lock or automatically using a git post-commit hook (Octotrack provides a simple script to install).
  2. Analyse dependencies relationships. Understand the connections between your dependencies and how much you rely on each of them.
  3. Daily notifications of vulnerabilities and dependencies updates. Octotrack works for you while you sleep 😴 so you never have to wake up in the middle of the night because of a security issue.



Complete control of all your projects dependencies, security and statistics about dependency usage.

Project overview

The project overview allows quick identification of CVE's, dependencies update status and immediate actions.

Automatic updates

Configure a git hook on your project with a single command and benefit from automatic updates.

Invite your colleagues

Invite your team to join a specific project and keep them updated of new releases and security vulnerabilities.

Export CVE's

Easily share with anyone a PDF summarising the vulnerabilities affecting your project and get feedback.

Analyse release notes

Know what the latest changes on your dependencies are and choose to upgrade based on that.

Latest Vulnerabilities

Bypass vulnerability in Active Storage

November 27, 2018

There is a vulnerability in Active Storage. This vulnerability has been assigned the CVE identifier CVE-2018-16477. Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: Impact ------ Signed download URLs generated by `ActiveStorage` for Google Cloud Storage servi...

Broken Access Control vulnerability in Active Job

November 27, 2018

There is a vulnerability in Active Job. This vulnerability has been assigned the CVE identifier CVE-2018-16476. Versions Affected: >= 4.2.0 Not affected: < 4.2.0 Fixed Versions: 4.2.11,,, Impact ------ Carefully crafted user input can cause Active Job to deserialize it u...