Codario is a cloud-based service that helps you to use open source in a secure way by monitoring your projects' dependencies for updates.
Do you provide only updates for vulnerable packages?
No, we provide all available updates that can be applied to your project by respecting the given restrictions.
However, you can configure projects on Codario to get only updates for vulnerable packages.
How do you get notice of updates and vulnerabilities?
We analyze public sources for every "package dependency manager" (for example, www.npmjs.com/advisories for npm).
When will an update task be created?
Whenever one or more updates for your project are available.
Please note that Codario always respects the restrictions from your manifest file (for example,
For example: if you are using the restriction ~1.2.3 for a composer package, Codario would suggest the update to version 1.2.34 but not to version 1.3.0, because your restriction disallows the use of versions
As mentioned above, Codario always respects restrictions from your manifest file. You can additionally customize which packages are included in (or excluded from) the update tasks. Every package has an update policy; this property can be:
- Packages with the "allow" update policy, and all of their child dependencies, will be included in the update tasks.
- Packages with the "ignore" update policy will be excluded from the update tasks. Note that such packages can still be included in the update tasks when they are child dependencies of packages that are allowed to update.
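The two rules above (the manifest restriction and the allow/ignore update policy), sketched as an added example that is not Codario's code: it assumes Composer's tilde semantics, treats "child dependencies" as transitive, and uses constructed package names, versions and dependency graph.

```python
# Added illustration, not Codario's code. Package names, versions and the
# dependency graph below are constructed sample data.

def parse(version):
    return tuple(int(part) for part in version.split("."))

def tilde_allows(constraint, candidate):
    """Composer tilde range: ~1.2.3 is >=1.2.3 <1.3.0, ~1.2 is >=1.2.0 <2.0.0."""
    base = parse(constraint.lstrip("~"))
    if len(base) not in (2, 3):
        raise ValueError("expected ~MAJOR.MINOR or ~MAJOR.MINOR.PATCH")
    floor = base + (0,) * (3 - len(base))
    upper = base[:-2] + (base[-2] + 1,)  # bump the second-to-last given part
    cand = parse(candidate)
    return cand >= floor and cand[:len(upper)] < upper

def packages_in_update_task(policies, deps):
    """Packages with policy 'allow' plus their child dependencies.
    Assumption: children are followed transitively, whatever their own policy."""
    selected = set()
    stack = [name for name, policy in policies.items() if policy == "allow"]
    while stack:
        name = stack.pop()
        if name not in selected:
            selected.add(name)
            stack.extend(deps.get(name, []))
    return selected

def plan_updates(packages, deps):
    """Return {package: highest newer version still inside its restriction}."""
    policies = {name: p["policy"] for name, p in packages.items()}
    plan = {}
    for name in packages_in_update_task(policies, deps):
        p = packages[name]
        newer = [v for v in p["available"]
                 if tilde_allows(p["constraint"], v) and parse(v) > parse(p["installed"])]
        if newer:
            plan[name] = max(newer, key=parse)
    return plan

PACKAGES = {  # constructed sample project
    "acme/app-core": dict(policy="allow", constraint="~1.2.3",
                          installed="1.2.3", available=["1.2.34", "1.3.0"]),
    "acme/logger": dict(policy="ignore", constraint="~2.0",
                        installed="2.0.1", available=["2.4.0", "3.0.0"]),
    "acme/legacy": dict(policy="ignore", constraint="~0.9.1",
                        installed="0.9.1", available=["0.9.5"]),
}
DEPS = {"acme/app-core": ["acme/logger"]}  # logger is a child of app-core

if __name__ == "__main__":
    print(plan_updates(PACKAGES, DEPS))
```

In this sample, acme/logger is updated despite its "ignore" policy because it is a child of an allowed package, and 1.3.0 is never proposed for acme/app-core, whatever it contains, until the manifest restriction is widened.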
How often will Codario check for updates of my project dependencies?
Codario checks for available updates for a project automatically, no more often than every hour (the specific interval between checks depends on the time needed to check your projects for updates and on when found updates were last applied in your project).
The tasks workflow
Any stage shown with a "Failed" badge can move to the corresponding failed stage during processing.