dpndncY documentation.
Self-hosted application-security platform. Three layers — scan, block, sign — on a single signing root. This is the public docs portal; the executable docs (config reference, API spec, CLI man pages) ship inside every installation.
What dpndncY is
dpndncY is a self-managed platform that finds the risk that matters, blocks it before install, watches your CI runners at the kernel level, and signs every decision so anyone can verify it offline. SCA, SAST, IaC, secrets, container, attack-paths, Dependency Firewall, and the eBPF Runtime Agent — all backed by the same exploitability-signal stack and the same DSSE/RS256 signing root.
Read in this order
- Quick start — get an instance up and running in ten minutes.
- Architecture — the three layers, the signing root, what runs where.
- SCA — your first scan in one command.
- Dependency Firewall — pre-install enforcement, configured once.
- eBPF Runtime Agent — kernel-level CI trust.
- Decision & evidence — what gets signed and how to verify it.
How to read code samples
Code samples use the same conventions throughout. Replace any value in angle brackets with your own:
dpndncy scan <path-to-manifest> --output <format>
# example
dpndncy scan ./package.json --output sarif
Where to ask
Email [email protected] for commercial questions, or [email protected] for technical. Design partners get a shared Slack channel with the engineering team.