Whether your developer needs to create an instant report about their software project's bill of materials or maintain ongoing compliance for security or legal due diligence, Meterian delivers both. Get reports to send to your legal counsel and information security officer (CISO) in HTML/PDF, or in JSON format for your favorite developer tool as frequently as you wish.
Meterian can be used in an instant locally on the developer's computer or as part of a continuous integration (CI) pipeline to see security, stability and licence risks immediately. Meterian fits right into the developer's workflow so the builder mindset has the company's security and legal risk policy enforcement baked in.
As the pace of software development in your company increases, Meterian prevents bugs, vulnerabilities and compliance risks from piling up. Avoid costly financial and legal damages as a result of risks in your software assets. Meterian's fast, automated solution frees your developers from the repetitive, manual research work of analysing dependent components. Run Meterian continuously to stay informed of known risks in your apps' dependent components.
The scanner will start to gently download the repository contents from the address you entered onto our server, in a way similar to what a search engine crawler does when indexing. Then the Meterian scanner will be executed against those contents to discover, analyse and classify them. It will look for vulnerable or outdated components, and for any component licensed in a non-friendly way, and report back what it finds.
This may take a few minutes, especially on big projects, but it's normally very quick. If you do not want to wait, do not worry: the scan will be executed in the background, and you will just need to check later.
No. Every scan made with Meterian scanners is a read-only scan. This means all the files in your public repository get downloaded and every file is carefully read at every single analysis, so it's pretty much like somebody patiently reading your codebase.
The complete report will provide a full list of all the components and, for each of them, any possible vulnerability, a complete upgrade path, and the full list of licenses, when available.
Yes. Each analysis will eventually have the opportunity to appear in the samples carousel. As the repository is public, so are the reports, and anybody can analyze any repository.
Yes. Once you have access to the complete report, after submitting the request form, you will also be able to request that it be deleted.