
Stop Wasting Time on CVEs That Don't Affect You
The Problem

Aren't you tired of pushing new code and then a few days later receiving an alert from GitHub's Dependabot? Well, I am. The most annoying part is looking up the CVE, reviewing your code and then discovering that you aren't using the affected part. Rinse and repeat for every single alert.

The solution?

That's why I built dep_shield: a CLI that I can plug into my usual workflow (lint -> dep_shield -> tests -> sonar) and get a straight answer: "this CVE affects you" or "relax, you're fine."

How dep_shield Works

The flow is straightforward:

1. Parse dependencies: read requirements.txt or pyproject.toml and extract packages and versions.
2. Check for CVEs: query the OSV database for known vulnerabilities.
3. Find usage in code: scan your Python files to see where you import vulnerable packages.
4. AI-powered analysis: send the CVE description plus your import context to an LLM and ask: "Does this actually affect me?"

The Interesting Parts

Parsing Dependencies (Both Formats)

The tool supports r
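The four-step flow above, written out as an added example that is not dep_shield's own code: a requirements.txt parser, the request body for OSV's public querybatch endpoint, an ast-based import scan, and the per-package context that would be handed to the LLM. The IMPORT_NAMES map (distribution name vs. import name), the sample requirements, source file and EXAMPLE-* vulnerability ids are all constructed for the demo.

```python
# Added example, not dep_shield's own code: the parse -> OSV query -> import-scan pipeline
# the post describes. Sample requirements, source and OSV results below are constructed.
import ast
import re

# Distribution name -> import name where they differ (constructed, deliberately partial).
IMPORT_NAMES = {"pyyaml": "yaml", "pillow": "PIL", "beautifulsoup4": "bs4"}

def parse_requirements(text):
    """Return {distribution_name: pinned_version} from requirements.txt text."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"^([A-Za-z0-9_.\-]+)(?:\[[^\]]*\])?==([^\s;]+)", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)  # PyPI names are case-insensitive
    return deps

def osv_batch_query(deps):
    """Body for POST https://api.osv.dev/v1/querybatch, one query per pinned dep."""
    return {"queries": [{"package": {"name": n, "ecosystem": "PyPI"}, "version": v}
                        for n, v in deps.items()]}

def find_usage(source, dist_names):
    """Scan one file's source; return [(dist_name, imported_module, lineno)]."""
    wanted = {IMPORT_NAMES.get(d, d.replace("-", "_")): d for d in dist_names}
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            mods = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            mods = [node.module]
        else:
            continue
        for mod in mods:
            top = mod.split(".")[0]  # "requests.adapters" -> "requests"
            if top in wanted:
                hits.append((wanted[top], mod, node.lineno))
    return hits

def triage_context(vulns_by_dep, source):
    """Pair each vuln with the imports touching its package: the LLM prompt input."""
    usage = find_usage(source, vulns_by_dep)
    return {dep: {"vulns": [v["id"] for v in vulns],
                  "imports": [(m, ln) for d, m, ln in usage if d == dep]}
            for dep, vulns in vulns_by_dep.items()}

# Constructed sample inputs; EXAMPLE-* ids are placeholders, not real OSV entries.
REQS = "requests[security]==2.31.0  # http\nPyYAML==6.0\nnumpy==1.26.4\n"
SRC = "import os\nimport yaml\nfrom requests.adapters import HTTPAdapter\n"
OSV = {"pyyaml": [{"id": "EXAMPLE-0001"}], "numpy": [{"id": "EXAMPLE-0002"}]}
```

A package with an empty import list can be closed without an LLM call, but only for direct use: the scan does not see the package being used transitively through another dependency, so treat an empty list as a strong hint rather than proof.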