Introduction

Codario is a cloud-based service that helps you use open source securely by monitoring your projects' dependencies for updates.

Do you provide only updates for vulnerable packages?

No. We provide all available updates that can be applied to your project while respecting the version restrictions in its manifest file.

However, you can configure projects on Codario to get only updates for vulnerable packages.

How do you get notice of updates and vulnerabilities?

We analyze the public sources for each package manager (for example, www.npmjs.com/advisories for npm).

When will an update task be created?

Whenever one or more updates for your project's dependencies are available.

Note that Codario always respects the version restrictions in your manifest file (for example, composer.json for composer, package.json for npm).

For example: if you use the restriction ~1.2.3 for a composer package, Codario will suggest the update to version 1.2.34 but not to version 1.3.0, because ~1.2.3 means >=1.2.3 <1.3.0 and therefore disallows versions >=1.3.0.
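The following is an added example, not Codario's own code, showing how a constraint such as ~1.2.3 is turned into a half-open version range and used to filter a list of available releases. It implements Composer's rules for the tilde and caret operators (a tilde on a two-part version such as ~1.2 allows up to <2.0.0 in Composer, whereas npm's semver treats ~1.2 as <1.3.0, so do not reuse it unchanged for package.json). The package names and release lists are constructed sample data.

```python
"""Resolve which available releases a Composer-style version constraint permits.

Added example; constraint semantics follow Composer's documentation for ~ and ^.
Pre-release suffixes and compound constraints (">=1.2 <2.0", "1.2.*") are out of scope.
"""
import re
from typing import List, Tuple

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Turn "1.2.34" (or "v1.2") into a three-component tuple such as (1, 2, 34)."""
    parts = tuple(int(p) for p in text.strip().lstrip("v").split("."))
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unsupported version: {text!r}")
    return parts + (0,) * (3 - len(parts))  # type: ignore[return-value]


def constraint_range(constraint: str) -> Tuple[Version, Version]:
    """Return the [lower, upper) range for an exact, ~ or ^ constraint (Composer rules).

    ~1.2.3 -> >=1.2.3 <1.3.0   ~1.2 -> >=1.2.0 <2.0.0
    ^1.2.3 -> >=1.2.3 <2.0.0   ^0.3.0 -> >=0.3.0 <0.4.0
    """
    m = re.fullmatch(r"([~^]?)(\d+(?:\.\d+){0,2})", constraint.strip())
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, ver = m.group(1), m.group(2)
    raw = [int(p) for p in ver.split(".")]
    lower = parse_version(ver)
    if op == "":
        # Exact version: only that release, i.e. [v, v + one patch level).
        return lower, (lower[0], lower[1], lower[2] + 1)
    if op == "~":
        # Tilde: the second-to-last given component may not change (~1 is read as >=1 <2).
        idx = max(len(raw) - 2, 0)
    else:
        # Caret: the left-most non-zero component may not change.
        nonzero = [i for i, v in enumerate(raw) if v != 0]
        idx = nonzero[0] if nonzero else len(raw) - 1
    upper_raw = raw[: idx + 1]
    upper_raw[idx] += 1
    upper = tuple(upper_raw) + (0,) * (3 - len(upper_raw))
    return lower, upper  # type: ignore[return-value]


def satisfies(constraint: str, version: str) -> bool:
    """True if `version` lies inside the range described by `constraint`."""
    lower, upper = constraint_range(constraint)
    return lower <= parse_version(version) < upper


def allowed_updates(constraint: str, installed: str, available: List[str]) -> List[str]:
    """Releases newer than `installed` that the constraint still permits, oldest first."""
    current = parse_version(installed)
    candidates = [v for v in available if parse_version(v) > current and satisfies(constraint, v)]
    return sorted(candidates, key=parse_version)


if __name__ == "__main__":
    # Constructed sample: releases published for a hypothetical composer package.
    releases = ["1.2.3", "1.2.10", "1.2.34", "1.3.0", "2.0.0"]
    print("~1.2.3 ->", allowed_updates("~1.2.3", "1.2.3", releases))  # 1.2.10 and 1.2.34 only
    print("^1.2.3 ->", allowed_updates("^1.2.3", "1.2.3", releases))  # everything below 2.0.0
```

Running the script with the restriction from the FAQ yields 1.2.10 and 1.2.34 as the only applicable updates; 1.3.0 and 2.0.0 fall outside ~1.2.3, while ^1.2.3 would additionally admit 1.3.0.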

Update policy

As mentioned above, Codario always respects the restrictions in your manifest file. In addition, you can customize which packages are included in or excluded from update tasks: every package has an update policy, which is either allow or ignore.

  • Packages with the allow update policy, together with all of their child dependencies, are included in update tasks.
  • Packages with the ignore update policy are excluded from update tasks. Note that such a package can still appear in an update task when it is a child dependency of a package whose policy is allow.
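The following is an added example, not Codario's own code, that applies the two rules above to a small dependency graph and explains, for each package, why it is in or out of the update task. The graph and the policies are constructed sample data; the example assumes that "all child dependencies" means the full transitive closure, so an ignored package is pulled in whenever it is reachable from an allowed one.

```python
"""Apply allow/ignore update policies to a dependency graph (added example).

Rules modelled from the FAQ:
  * allow   -> the package and all of its (transitive) child dependencies are included
  * ignore  -> excluded, unless it is a child dependency of an allowed package
"""
from typing import Dict, List, Set

# Constructed sample graph: package -> its direct child dependencies.
DEPS: Dict[str, List[str]] = {
    "symfony/console": ["symfony/polyfill-mbstring", "psr/log"],
    "monolog/monolog": ["psr/log"],
    "phpunit/phpunit": ["sebastian/diff"],
    "symfony/polyfill-mbstring": [],
    "psr/log": [],
    "sebastian/diff": [],
}

# Constructed sample policies; every package carries exactly one of allow / ignore.
POLICY: Dict[str, str] = {
    "symfony/console": "allow",
    "symfony/polyfill-mbstring": "allow",
    "psr/log": "ignore",           # ignored, but reachable from an allowed package
    "monolog/monolog": "ignore",
    "phpunit/phpunit": "ignore",
    "sebastian/diff": "ignore",    # ignored and only reachable from an ignored package
}


def transitive_children(root: str, deps: Dict[str, List[str]]) -> Set[str]:
    """All packages reachable from `root` through child-dependency edges."""
    seen: Set[str] = set()
    stack = list(deps.get(root, []))
    while stack:
        pkg = stack.pop()
        if pkg not in seen:
            seen.add(pkg)
            stack.extend(deps.get(pkg, []))
    return seen


def classify(deps: Dict[str, List[str]], policy: Dict[str, str]) -> Dict[str, str]:
    """Map every package to the reason it is in or out of the update task."""
    if set(deps) - set(policy):
        raise ValueError(f"packages without a policy: {sorted(set(deps) - set(policy))}")
    reason: Dict[str, str] = {}
    for pkg in sorted(deps):
        if policy[pkg] == "allow":
            reason[pkg] = "allow"
            for child in transitive_children(pkg, deps):
                # An allowed child keeps its own reason; an ignored child is pulled in.
                reason.setdefault(child, f"child of {pkg}")
    for pkg in deps:
        reason.setdefault(pkg, "excluded (ignore)")
    return reason


def packages_in_update_task(deps: Dict[str, List[str]], policy: Dict[str, str]) -> Set[str]:
    """The set of packages an update task may cover under the given policies."""
    return {pkg for pkg, why in classify(deps, policy).items() if not why.startswith("excluded")}


if __name__ == "__main__":
    for pkg, why in sorted(classify(DEPS, POLICY).items()):
        print(f"{pkg:28} {why}")
```

With the sample data, psr/log is reported as "child of symfony/console" and is included even though its own policy is ignore, whereas sebastian/diff stays excluded because the only package that depends on it is itself ignored. Note that the order in which allowed packages are processed affects which parent is named in the reason string but not the resulting set.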

How often will Codario check for updates of my project dependencies?

Codario checks a project for available updates automatically, at most once per hour. The exact interval between checks depends on how long checking your projects for updates takes and on when the updates found were last applied in your project.

The tasks workflow

Any stage that shows a "Failed" badge can end in that state during processing.