Open-Source Dependency Vulnerability Drift Monitor

by Devadath SR, Dhipa Mariya Paul., Ganga MU., Harinanda J., Ms.Nithya Paul

Published: July 8, 2026 • DOI: 10.51584/IJRIAS.2026.11060192

Abstract

This paper presents an Open-Source Dependency Vulnerability Drift Monitor , an automated security monitoring platform designed to continuously track software dependencies for known vulnerabilities and version inconsistencies. Most existing vulnerability scanning tools provide only one-time analysis and fail to address the continuous evolution of dependencies, leaving systems exposed to newly discovered threats.
For development teams, the system provides automated dependency scanning, real-time vulnerability detection using the OSV database, version drift analysis, and prioritized security alerts. For individual developers, the platform offers a centralized dashboard for monitoring multiple projects with detailed CVE information and remediation guidance.
The system includes features such as automated dependency extraction, vulnerability detection, version drift monitoring, risk-based alert generation, and scheduled background scanning. It was evaluated with real-world npm and Python projects, achieving over 90% accuracy in vulnerability detection and successfully identifying outdated dependencies across all tested scenarios