Hi all,
First of all, this is a self-promoting post related to a project I work on, which is not yet even in an early stage or usable form. I am simply searching for feedback for this idea I have. I will not repost this as I don’t want to break any sub rules. That being said:
I am working on Vigilib Labs, a cross-platform (Windows and Linux) desktop application (with GUI) that manages third-party libraries from your projects.
The tool will:
scan project dependencies
check for updated versions
check for license texts
check for known vulnerabilities
generate reports for audits, documentation for clients, compliance with licenses for checking restrictions for distributions of your solutions
This project aims at:
one time purchase - use forever
integrate with various development frameworks (the MVP will include .NET and Python)
no account, no cloud, everything stays on your system
use free and open sources to check for all dependency information (versions, license, known vulnerabilities)
Example workflow:
Create a workspace -> browse for your projects -> scan your libraries -> see results in GUI -> download the report (html/pdf/other)
Notes:
A workspace contains system paths to the projects
The scan operation only scans for third-party libraries, not your code (e.g. for .NET C# it will scan for .csproj files and extract library information from there)
I am making this post to gather feedback on this idea, suggestions, anything from developers and companies who might be interested in such a solution, so please feel free to reach out!
I am curious about:
would you use such a tool in your solution or workflow?
do you use another solution to manage this? If yes, what pain points do you have?
Thank you, this means a lot to me!