Security Vulnerabilities and Licenses via the VersionEye API

VersionEye can monitor your software dependencies and notify you about outdated versions. But that’s not all. VersionEye can help you with licenses and security vulnerabilities as well. You can set up a license whitelist for your projects, and VersionEye will notify you as soon as any of your dependencies violate it. For PHP projects you can even receive notifications about known security vulnerabilities.


Now the license and security vulnerability information is available via the API as well. With this endpoint it’s possible to fetch information about an existing project.

[Image: Screen Shot 2015-09-20 at 15.20.14]

The response is a JSON object with an array of dependencies. Each element in the dependencies array now has a new field called “licenses”.

[Image: VersionEye_API_licenses]

If it is empty, VersionEye has no license information about this dependency. Otherwise it contains a list of licenses like this.

[Image: VersionEye_API_licenses_2]

“on_whitelist” shows whether the license is on the license whitelist. If the value is “null”, there is no license whitelist assigned to the project. “on_cwl” stands for “on component whitelist”; its values have the same meaning as those of the “on_whitelist” field.

Besides that, each element in the “dependencies” array contains a new field, “security_vulnerabilities”: an array of known security vulnerabilities for the dependency.

[Image: VersionEye-API-security-vulnerabilities_2]
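One way a build step could act on these fields, as an added example that is not from the original post or VersionEye's own code. It runs over a constructed response; the `name` keys, the contents of the vulnerability entry, and the rule that a `true` `on_cwl` overrides a `false` `on_whitelist` are assumptions.

```python
import json

# Constructed sample. Only "dependencies", "licenses", "on_whitelist", "on_cwl"
# and "security_vulnerabilities" come from the post; the "name" keys and the
# vulnerability entry's contents are assumptions made for this example.
SAMPLE = json.loads("""
{"dependencies": [
  {"name": "example/alpha", "security_vulnerabilities": [],
   "licenses": [{"name": "MIT", "on_whitelist": true, "on_cwl": null}]},
  {"name": "example/beta", "security_vulnerabilities": null,
   "licenses": [{"name": "GPL-3.0", "on_whitelist": false, "on_cwl": false}]},
  {"name": "example/gamma", "licenses": [],
   "security_vulnerabilities": [{"id": "CONSTRUCTED-0001"}]},
  {"name": "example/delta",
   "licenses": [{"name": "Apache-2.0", "on_whitelist": null, "on_cwl": null}]}
]}
""")

def triage(project):
    """Group dependency names by the finding a build gate should act on."""
    keys = ("license_violation", "license_unknown", "no_whitelist", "vulnerable")
    found = {k: set() for k in keys}
    for dep in project.get("dependencies") or []:
        name = dep.get("name", "<unnamed>")
        licenses = dep.get("licenses") or []
        if not licenses:
            # Empty array: no license information, which is not a pass.
            found["license_unknown"].add(name)
        for lic in licenses:
            on_wl, on_cwl = lic.get("on_whitelist"), lic.get("on_cwl")
            if on_wl is None and on_cwl is None:
                # null: no whitelist assigned, so nothing was checked.
                found["no_whitelist"].add(name)
            elif on_wl is False and on_cwl is not True:
                # Assumption: a true "on_cwl" exempts the component.
                found["license_violation"].add(name)
        if dep.get("security_vulnerabilities"):
            found["vulnerable"].add(name)
    return {k: sorted(v) for k, v in found.items()}

def gate(project):
    """Return True only when no violation or known vulnerability is present."""
    result = triage(project)
    return not (result["license_violation"] or result["vulnerable"])

if __name__ == "__main__":
    print(triage(SAMPLE), "pass" if gate(SAMPLE) else "fail")
```

Keeping `license_unknown` and `no_whitelist` as separate buckets stops an empty array or a `null` from being read as an approved license.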

The versioneye-php package is a wrapper around the VersionEye API, and its newest version already implements these new features.

Now the VersionEye API is even more powerful. Take advantage of it 😉
