Dependency Risk Bulletin (48h turnaround)
You’ll receive a short, prioritized bulletin including:
- High/medium/low risk dependencies
- Known advisory exposure (high-level triage)
- Pinning + transitive blocker notes
- Suggested upgrade order (what first/next/later)
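The bulletin categories above map onto a simple triage: parse the dependency file, note which packages are pinned, compare pinned versions against known advisories, and order the upgrades by risk. The script below is an added illustration of that triage, not the service's own tooling; the requirements.txt content and the advisory table are constructed placeholders, and resolving transitive blockers (which needs a lock file) is out of scope here.

```python
"""Constructed example: triage a requirements.txt the way a dependency risk
bulletin would (pinning status, advisory exposure, upgrade order)."""
import re
from dataclasses import dataclass

# Constructed requirements.txt content, not a real project's file.
SAMPLE_REQUIREMENTS = """\
# web stack
Django==3.2.1
djangorestframework>=3.12
requests
celery==5.2.7
Pillow==9.0.0  # image handling
"""

# Constructed advisory table: package -> list of (fixed-in version, severity).
# Placeholder data for illustration only, not real advisories.
SAMPLE_ADVISORIES = {
    "django": [("3.2.20", "high")],
    "pillow": [("9.0.1", "medium")],
}

RANK = {"low": 0, "medium": 1, "high": 2}

_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|<|>)?\s*([A-Za-z0-9_.*+\-]+)?"
)


@dataclass
class Dependency:
    name: str        # normalised to lower case
    specifier: str   # "==", ">=", ... or "" when no version is given
    version: str     # "" when no version is given

    @property
    def pinned(self) -> bool:
        return self.specifier == "=="


def parse_requirements(text: str) -> list:
    """Parse the common 'name<op>version' lines; comments and blanks are skipped."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name, spec, ver = m.groups()
        deps.append(Dependency(name.lower(), spec or "", ver or ""))
    return deps


def version_tuple(v: str) -> tuple:
    """Turn '3.2.20' into (3, 2, 20); non-numeric parts count as 0."""
    return tuple(int(m.group()) if (m := re.match(r"\d+", p)) else 0 for p in v.split("."))


def assess(dep: Dependency, advisories: dict) -> tuple:
    """Return (risk, notes) for one dependency; risk is low/medium/high."""
    notes, risk = [], "low"
    if not dep.pinned:
        notes.append("not pinned: installs are not reproducible and may pull new code")
        risk = "medium"
    for fixed_in, severity in advisories.get(dep.name, []):
        # An unpinned package may resolve to a vulnerable version, so it is flagged too.
        if not dep.pinned or version_tuple(dep.version) < version_tuple(fixed_in):
            notes.append(f"advisory ({severity}) fixed in {fixed_in}")
            if RANK[severity] > RANK[risk]:
                risk = severity
    return risk, notes


def build_bulletin(text: str, advisories: dict) -> dict:
    """Produce risk per package and a first/next/later upgrade order."""
    risks, notes = {}, {}
    for dep in parse_requirements(text):
        risks[dep.name], notes[dep.name] = assess(dep, advisories)
    order = {"first": [], "next": [], "later": []}
    for name in sorted(risks):
        bucket = {"high": "first", "medium": "next", "low": "later"}[risks[name]]
        order[bucket].append(name)
    return {"risks": risks, "notes": notes, "upgrade_order": order}


if __name__ == "__main__":
    bulletin = build_bulletin(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)
    for name, risk in bulletin["risks"].items():
        print(f"{risk.upper():6} {name}: {'; '.join(bulletin['notes'][name]) or 'no findings'}")
    print("Upgrade order:", bulletin["upgrade_order"])
```

Running it on the constructed input ranks the outdated pinned Django as the first upgrade, puts the unpinned packages and the outdated Pillow in the next group, and leaves the pinned, advisory-free celery for later.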
What to upload (any one is fine):
- requirements.txt, pyproject.toml (preferred)
- poetry.lock, Pipfile.lock or similar (also fine)
Don't know where these files are? Let us know in the "Additional Information" field and we'll provide guidance.
File handling:
- We use uploads only to generate the bulletin.
- No production access needed.
Request Your Bulletin
FAQ
I'm not technical. What's a dependency anyway?
Any modern website runs on a combination of software components. Your Django website relies on dozens—sometimes hundreds—of these “building blocks” under the hood. We review them to spot outdated or risky components early, before they turn into security issues or upgrade headaches.
Do you need access to our code or production?
No, we just need the dependency file.
Do we have to schedule a call?
No. We’ll do this async unless you ask for a call.
What if we use Poetry / Pipenv / PDM?
No problem. You can even upload the LOCK file.
I have no idea where my dependency file is located!
No problem. Just drop that in the "Additional Information" field of the form and we'll point you in the right direction.
What do you send back?
A short bulletin (typically 1–2 pages) with prioritized risks and a recommended upgrade sequence.
Please call us at (877) 275-9144 or submit the form above
(for every form submitted, we give a treat to Ruby, our office dog).