DEV Community


Vulert

Protect Your Software. Simplify Compliance. Automatically detect vulnerabilities, manage open source license risks, and meet legal obligations — all without accessing your code or installing anything.

Location: London, England
Personal website: https://vulert.com/
How to Set Up an Internal Package Registry for Security

10 min read
How to Conduct a Security Review of a Pull Request — A Developer Checklist

9 min read
Penetration Testing vs SCA — What’s the Difference and Do You Need Both?

9 min read
Open Source Security for E-Commerce — Protecting Payment Data Through Dependency Monitoring

10 min read
How AI Coding Tools Are Changing Your Dependency Security Risk

9 min read
Zero-Day Vulnerability Response — What to Do When There Is No Patch

9 min read
The OWASP Top 10 and Open Source Dependencies — How SCA Addresses Vulnerable Components

9 min read
Legacy Application Dependency Security — Managing Vulnerabilities When Upgrading Is Hard

9 min read
Monorepo Dependency Security — Vulnerability Scanning Across Packages

9 min read
Renovate vs Dependabot — Which Automated Dependency Update Tool Is Right for You?

8 min read
Microservices Dependency Security — Managing Vulnerabilities Across Dozens of Services

10 min read
Swift Package Manager Security — Scanning iOS and macOS Dependencies for Vulnerabilities

9 min read
Kotlin Dependency Security — Scanning Android and Backend Projects for Vulnerabilities

9 min read
Scala and SBT Dependency Security — Scanning Your JVM Projects for Vulnerabilities

9 min read
Open Source Security in 2026 — State of the Industry

8 min read
How to Get Executive Buy-In for Security Tooling — Arguments That Actually Work

8 min read
Vulnerability Management for Startups — Security at Every Stage Without Breaking the Budget

7 min read
Open Source Security for Agencies — Managing Vulnerabilities Across Multiple Client Codebases

6 min read
GitLab CI Security Scanning — Dependency Vulnerability Detection Setup

8 min read
How to Add Security Scanning to GitHub Actions — Complete Setup Guide

7 min read
Dependency Pinning vs Floating Versions — What Security Teams Need to Know

8 min read
How Attackers Find Vulnerable Applications — And How to Stay One Step Ahead

7 min read
Semantic Versioning and Security — Why Your Version Ranges Could Be a Risk

9 min read
The NVD Data Problem — Why Vulnerability Databases Aren’t Always Reliable

7 min read
EPSS Explained — A Better Way to Prioritize Which Vulnerabilities to Fix First

8 min read
Elixir Dependency Security — How to Scan Your Hex Packages for Vulnerabilities

7 min read
Free vs Paid SCA Tools — When Does Paying for Vulnerability Monitoring Make Sense?

7 min read
Socket.dev vs Traditional SCA Tools — Two Different Approaches to Open Source Security

8 min read
Flutter and Dart Dependency Security — Scanning pub.dev Packages for Vulnerabilities

8 min read
Vulert vs Snyk — An Honest Comparison for Engineering Teams

8 min read
Open Source Security for Healthcare Software — HIPAA, FDA, and Dependency Requirements

7 min read
How to Set Up Jira for Vulnerability Management: A Complete Workflow

9 min read
Open Source Security for Fintech — Compliance Requirements and Best Practices

8 min read
Langflow CVE-2026-5027 Exploited in the Wild — Unauthenticated RCE Risk in AI App Builder

8 min read
LiteLLM CVE-2026-42271 Exploited in the Wild — AI Gateway Flaw Chains to Unauthenticated RCE

8 min read
DevSecOps for Small Teams — Security Without a Security Department

7 min read
The 10 Most Exploited Open Source Vulnerabilities of 2025

9 min read
How to Write a Vulnerability Disclosure Policy — And Why Every Company Needs One

9 min read
Mean Time to Remediate Vulnerabilities — Benchmarks and How to Improve Yours

8 min read
Your Security Audit Found Vulnerable Dependencies — Here’s Exactly What to Do

9 min read
Spring4Shell Explained — Is Your Spring Application Still Vulnerable?

8 min read
How to Evaluate If a Package Is Safe Before Adding It to Your Project

8 min read
What Is a CVE? A Developer's Complete Guide to Understanding Vulnerabilities

10 min read
Transitive Dependencies — The Hidden Vulnerability Risk Most Teams Miss

10 min read
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

9 min read
.NET NuGet Package Security — How to Scan Your C# Dependencies for Vulnerabilities

9 min read
CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog

9 min read
Redis CVE-2026-23479: AI-Discovered RCE Flaw Exposes Two Years of Hidden Risk

10 min read
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

8 min read
Rust Cargo Security — How to Audit Your Dependencies for Known Vulnerabilities

9 min read
Ruby Gem Security — How to Scan Your Gemfile for Vulnerabilities

8 min read
Go Module Security — How to Scan Golang Dependencies for Vulnerabilities

5 min read
GitHub Advanced Security vs Dedicated SCA Tools — What Do You Actually Need?

9 min read
Mend Alternatives: 5 SCA Tools Worth Considering

9 min read
OWASP Dependency-Check vs Paid SCA Tools

9 min read
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

7 min read
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

7 min read
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

6 min read
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

6 min read
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

6 min read