The dependency health scorecard for every project your team owns.

DepVitals gives every project a scorecard, distilling version drift, vulnerabilities, and deprecated packages into a clear A–F grade. One dashboard. Full picture. Everyone aligned.

Portfolio Health (depvitals.com/acme/portfolio): 4 projects

Project        Ecosystem  Grade  Score
api-service    RubyGems   A+     98
web-frontend   npm        C      74
data-pipeline  npm        B-     81
admin-panel    RubyGems   F      34

Example portfolio dashboard (illustrative only)

The problem

Dependabot isn’t enough on its own.

Dependabot is a great tool. It opens pull requests, surfaces alerts, and gives engineers a clear list of what needs updating. But in a busy team, those PRs get ignored. Alerts accumulate. And before long, the signal is buried under months of backlog.

The bigger problem: there’s no easy way to know how bad things really are. Not across a single codebase, and certainly not across an entire portfolio of projects. Engineers don’t have a clear picture of what to prioritize. Managers can’t report on it. Leadership is flying blind.

Alerts pile up

Dependabot PRs stack up and go stale. Nobody knows how many are actually critical.

No big picture

Each tool shows one repo at a time. Getting a cross-team picture means doing it manually.

Leadership is blind

Without a clear signal, it’s impossible to justify the investment to fix dependency debt.

The solution

This is what DepVitals is for.

DepVitals scans your projects and turns raw dependency data into something everyone can understand: a scorecard. Every project gets an A–F grade based on version drift, vulnerability severity, and package health.

The result is a portfolio dashboard that shows the health of every project side by side. You see the full picture instantly, so you know exactly where to focus first.

📦

Version drift

How far behind is each dependency? Major version gaps carry the most weight.

🔐

Vulnerability severity

CVEs are weighted by severity. A single critical vulnerability can fail a project instantly.

🏥

Package health

Deprecated packages and pre-release versions drag the score down. No silent liabilities.

Features

Everything you need to stay ahead of dependency risk.

A scorecard everyone can read

No more raw CVE scores or version number comparisons. DepVitals distills complexity into a clear A–F grade for each project, so engineers, managers, and executives are all looking at the same signal.

A portfolio dashboard that shows the full picture

See the health of every project side by side, sorted by worst first. Instantly know which teams need support, which projects are drifting, and where to invest your next sprint.

Reporting that keeps everyone aligned

Share dependency health across your organization without exporting CSVs or writing status updates. Track progress over time, see the impact of your team’s work, and make the case for continued investment, with data rather than gut feeling.

RubyGems and npm, with new ecosystems added regularly

DepVitals works where your stack lives. Scan Ruby and JavaScript projects today, with support for more ecosystems on the way.

Who it’s for

Built for every layer of the engineering organization.

For engineers

Know exactly what to fix and why. Stop guessing which dependency is the biggest risk and start your sprint with a clear priority list.

For engineering managers

Get a real-time view of your team’s dependency health. Identify drift early, unblock your engineers, and stop firefighting vulnerabilities.

For directors and CTOs

See the health of your entire portfolio at a glance. Report on progress, justify investment, and know exactly where to invest your engineering capacity.

Start knowing.
Stop guessing.

Get a scorecard for every project your team owns, in minutes.

Public and open-source projects are always free. Private project support is coming soon.
