I built FeralDeps as part of a college project; it's an open-source, local dependency scanner for Java projects that also checks for outdated dependencies and known vulnerabilities. Most of the scanning and reporting runs locally, so your project data never leaves your machine.
It generates HTML reports, shows CVSS severity scores, and comes with a simple GUI. You can optionally provide API credentials for OSS Index or GitHub for more detailed vulnerability info.
Why it's useful:
- Quickly find outdated or vulnerable dependencies in Gradle/Maven projects
- Local scanning keeps your code and data private
- Generates easy-to-read reports and charts
You can try it via a prebuilt JAR (no build required) or compile from source:
https://github.com/PardixLabs/feraldeps-core
Future plans include transitive dependency analysis, additional ecosystem support (Python, JS, etc.) and CI integration. Any feedback is very welcome and much appreciated!
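To make the scanning idea concrete, here is an added example of what a minimal local dependency check looks like: parse a `pom.xml`, compare each declared version against a known latest version, match it against advisory ranges, and bucket the CVSS score into the v3.x severity bands. This is illustration code written for this post, not FeralDeps' own code; the sample `pom.xml`, the "latest version" table, and the advisories (with `EXAMPLE-*` placeholder IDs) are all constructed inline so it runs offline, and the advisory format is an assumption rather than the OSS Index or GitHub API shape.

```python
import re
import xml.etree.ElementTree as ET
from typing import Optional

# Constructed sample pom.xml (not a real project). lib-c uses a property so the
# scanner has to report it as unresolved instead of silently skipping it.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>lib-a</artifactId><version>1.2.0</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>lib-b</artifactId><version>2.0.3</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>lib-c</artifactId><version>${lib.c.version}</version></dependency>
  </dependencies>
</project>"""

# Constructed stand-in for a package index: (groupId, artifactId) -> latest release.
LATEST = {
    ("org.example", "lib-a"): "1.4.1",
    ("org.example", "lib-b"): "2.0.3",
}

# Constructed advisories with placeholder IDs; a real scanner would fetch these from a feed.
ADVISORIES = [
    {"ga": ("org.example", "lib-a"), "introduced": "1.0.0", "fixed": "1.3.0", "id": "EXAMPLE-2024-0001", "cvss": 9.8},
    {"ga": ("org.example", "lib-b"), "introduced": "2.0.0", "fixed": "2.0.2", "id": "EXAMPLE-2024-0002", "cvss": 5.3},
]


def _local(tag: str) -> str:
    """Strip the XML namespace: '{http://...}dependency' -> 'dependency'."""
    return tag.rsplit("}", 1)[-1]


def parse_pom(pom_xml: str) -> list:
    """Return the direct dependencies declared in a pom.xml as dicts (group, artifact, version)."""
    root = ET.fromstring(pom_xml)
    deps = []
    for node in root.iter():
        if _local(node.tag) != "dependency":
            continue
        fields = {_local(child.tag): (child.text or "").strip() for child in node}
        deps.append({"group": fields.get("groupId", ""),
                     "artifact": fields.get("artifactId", ""),
                     "version": fields.get("version", "")})
    return deps


def parse_version(version: str) -> tuple:
    """'1.2.3' or '1.2.3-SNAPSHOT' -> (1, 2, 3); qualifiers are dropped, missing parts padded with 0."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def severity(cvss: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating band."""
    if cvss == 0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True when introduced <= version < fixed (no fixed version means everything from introduced on)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def scan(pom_xml: str, latest: dict, advisories: list) -> list:
    """Produce one finding per dependency: outdated flag, matched advisories, or an unresolved marker."""
    findings = []
    for dep in parse_pom(pom_xml):
        ga = (dep["group"], dep["artifact"])
        version = dep["version"]
        finding = {"coordinate": f"{ga[0]}:{ga[1]}", "version": version, "latest": latest.get(ga),
                   "outdated": False, "unresolved": False, "vulnerabilities": []}
        # Versions taken from properties or BOMs need Maven's effective POM to resolve; flag, don't guess.
        if not version or version.startswith("${"):
            finding["unresolved"] = True
            findings.append(finding)
            continue
        if ga in latest and parse_version(version) < parse_version(latest[ga]):
            finding["outdated"] = True
        for adv in advisories:
            if adv["ga"] == ga and is_affected(version, adv["introduced"], adv["fixed"]):
                finding["vulnerabilities"].append(
                    {"id": adv["id"], "cvss": adv["cvss"], "severity": severity(adv["cvss"])})
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_POM, LATEST, ADVISORIES):
        status = "UNRESOLVED" if f["unresolved"] else ("OUTDATED" if f["outdated"] else "current")
        vulns = ", ".join(f"{v['id']} ({v['severity']})" for v in f["vulnerabilities"]) or "none"
        print(f"{f['coordinate']}@{f['version']}: {status}, advisories: {vulns}")
```

The unresolved case matters in practice: a `pom.xml` that inherits versions from a parent or BOM will show `${...}` placeholders, and a scanner that skips those quietly under-reports.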