Open Source Dependency Security Audit Report Generator
Input project tech stack and dependencies to generate a comprehensive security audit report with vulnerability levels, impact scope, and fix recommendations
4/24/2026
You are a senior DevSecOps engineer specializing in open-source dependency security auditing.
I will provide you with a project tech stack and its dependency list. Please generate a comprehensive dependency security audit report.
Input
- Project name: {PROJECT_NAME}
- Tech stack: {e.g., Python 3.11, Node.js 20, Go 1.22}
- Dependencies (paste your requirements.txt / package.json / go.mod here):
{PASTE_DEPENDENCIES}
Output Format
1. Executive Summary
- Total dependencies scanned
- Critical / High / Medium / Low vulnerability counts
- Overall risk rating (A-F)
2. Critical & High Vulnerabilities
For each vulnerability found:
- Package: name@version
- CVE ID
- Severity: Critical/High
- Description: Brief explanation
- Affected versions
- Fix: Upgrade to version X.Y.Z
- CVSS Score
3. Dependency Health Check
- Unmaintained packages (no updates >12 months)
- Packages with known supply chain risks
- License compliance issues (GPL in commercial projects, etc.)
4. Actionable Recommendations
- Immediate (24h): Critical vulnerabilities
- Short-term (1 week): High vulnerabilities
- Medium-term (1 month): Dependency upgrades and replacements
5. Automated Fix Script
Provide shell commands or config changes to fix the top issues.
Be thorough and cite real CVE numbers when possible. If a CVE cannot be verified, mark it "requires verification".
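The report sections above start from a parsed dependency list and a set of findings. The following Python is an added example, not part of the original prompt: it parses the three manifest formats the prompt accepts (requirements.txt, package.json, go.mod) into name/version pairs, then builds the Executive Summary counts, the A-F rating, the >12-month unmaintained check and the three-window fix plan. The manifests, release dates and findings are constructed, the CVE ids are placeholders (so they carry the prompt's "requires verification" note), and the A-F mapping is an assumption since the prompt does not define one; in a real audit the findings would come from an advisory database rather than a hard-coded list.

```python
"""Added example, not part of the original prompt. Manifests, release dates and findings are
constructed and CVE ids are placeholders; a real audit takes findings from an advisory database."""
import json
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date

# requirements.txt line: name, optional [extras], optional ==version; markers and comments ignored
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?:==\s*([^\s;#]+))?")

def parse_requirements(text):
    """requirements.txt -> {normalized name: pinned version, or None when unpinned}."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank line or -r/-e/--index-url option
            continue
        if m := REQ_LINE.match(line):
            deps[m.group(1).lower()] = m.group(2)
    return deps

def parse_package_json(text):
    """package.json -> {name: version}; ^/~ ranges are reduced to their base version, the
    minimum the range allows, which is not necessarily what the lockfile installs."""
    data, deps = json.loads(text), {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            m = re.fullmatch(r"[\^~]?(\d+\.\d+\.\d+)", spec)
            deps[name] = m.group(1) if m else None  # "*", "latest", git URLs -> unpinned
    return deps

def parse_go_mod(text):
    """go.mod -> {module path: version} from block and single-line require directives."""
    deps, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # drops "// indirect" and other comments
        if line.startswith("require ("):
            in_block = True
        elif line == ")":
            in_block = False
        elif in_block or line.startswith("require "):
            parts = line.removeprefix("require ").split()
            if len(parts) == 2:
                deps[parts[0]] = parts[1]
    return deps

@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    cve: str          # placeholder until confirmed against an advisory source
    severity: str     # Critical / High / Medium / Low
    cvss: float
    fix_version: str
    verified: bool = False

SEVERITIES = ("Critical", "High", "Medium", "Low")
WINDOW = {"Critical": "immediate_24h", "High": "short_term_1w"}  # everything else: medium_term_1m

def risk_rating(counts):
    """Assumed A-F mapping: the prompt asks for a letter grade but does not define one."""
    for sev, grade in zip(SEVERITIES, "FDCB"):
        if counts[sev]:
            return grade
    return "A"

def executive_summary(deps, findings):
    counts = Counter(f.severity for f in findings)
    return {"total_dependencies": len(deps), "counts": {s: counts[s] for s in SEVERITIES},
            "risk_rating": risk_rating(counts)}

def plan(findings):
    """Bucket fixes into the prompt's three time windows, highest CVSS first."""
    buckets = {"immediate_24h": [], "short_term_1w": [], "medium_term_1m": []}
    for f in sorted(findings, key=lambda x: -x.cvss):
        note = "" if f.verified else ", requires verification"
        buckets[WINDOW.get(f.severity, "medium_term_1m")].append(
            f"{f.package}@{f.version} -> {f.fix_version} ({f.cve}{note})")
    return buckets

def unmaintained(last_release, today, max_days=365):
    """Packages whose latest release is older than max_days (the prompt's >12 months rule)."""
    return sorted(n for n, d in last_release.items() if (today - d).days > max_days)

SAMPLE_REQUIREMENTS = '# constructed\nrequests==2.25.1\nDjango[argon2]==3.2.0 ; python_version >= "3.8"\n-r base.txt\npyyaml>=5.0\n'
SAMPLE_PACKAGE_JSON = '{"dependencies": {"lodash": "^4.17.20", "express": "4.18.2"}, "devDependencies": {"jest": "~29.7.0", "left-pad": "*"}}'
SAMPLE_GO_MOD = "module example.com/app\n\ngo 1.22\n\nrequire (\n\tgithub.com/gin-gonic/gin v1.9.1\n\tgolang.org/x/crypto v0.17.0 // indirect\n)\nrequire github.com/stretchr/testify v1.8.4\n"
ALL_DEPS = {**parse_requirements(SAMPLE_REQUIREMENTS), **parse_package_json(SAMPLE_PACKAGE_JSON), **parse_go_mod(SAMPLE_GO_MOD)}
SAMPLE_FINDINGS = [  # constructed; CVE ids are placeholders, hence verified=False
    Finding("requests", "2.25.1", "CVE-PLACEHOLDER-0001", "High", 7.5, "2.31.0"),
    Finding("lodash", "4.17.20", "CVE-PLACEHOLDER-0002", "Medium", 6.5, "4.17.21"),
    Finding("django", "3.2.0", "CVE-PLACEHOLDER-0003", "Critical", 9.8, "3.2.25"),
]
LAST_RELEASE = {"left-pad": date(2018, 3, 1), "requests": date(2025, 9, 1)}  # constructed
TODAY = date(2026, 4, 24)  # reference date for the unmaintained check

def report():
    """Everything the Executive Summary, Health Check and Recommendations sections need."""
    return {"summary": executive_summary(ALL_DEPS, SAMPLE_FINDINGS), "plan": plan(SAMPLE_FINDINGS),
            "unmaintained": unmaintained(LAST_RELEASE, TODAY)}
```

Calling `report()` on the constructed inputs yields 10 dependencies, one finding at each of Critical/High/Medium, rating F, the Django fix in the 24-hour bucket and `left-pad` flagged as unmaintained. Two design points worth keeping in a real pipeline: unpinned entries (`pyyaml>=5.0`, `"*"`) are kept with a `None` version rather than dropped, so the report can call them out, and caret/tilde ranges are resolved to their floor only, so a lockfile should be preferred over package.json whenever one exists.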