Open Source · Apache 2.0

VISaR

Vulnerability Identification, Scanning & Reporting

A free, open-source command-line tool that scans GitHub repositories against known vulnerability databases — built for data platform teams who need a repeatable evidence record before approving open-source dependencies.

Interactive Dashboard

One file. Every scan. No server, no setup.

VISaR v1.1.0 generates a self-contained HTML dashboard that consolidates every scan in your data/ directory. Filter by severity, switch between scans, expand rows for full vulnerability descriptions — all in a single HTML file you can email, attach, or drop into a shared drive.

dashboard.html

VISaR Vulnerability Report

Scanned 5 repositories · 12 findings

CRITICAL · 2 | HIGH · 4 | MODERATE · 5 | LOW · 1

CRITICAL · GHSA-9q4x-mh38 · apache/airflow
HIGH · GHSA-7p93-2vh5 · great-expectations/great_expectations
MODERATE · GHSA-x21w-3v8c · pandas-dev/pandas

Illustrative preview

Who It's For

Built for teams that have to prove what they scanned.

01

Data Engineers & Platform Teams

Evaluate open-source libraries before they enter your data stack. Keep VISaR's structured output as your evidence record — version-controllable and auditor-ready.

02

Software Engineers

Validate your own codebase before a release. Confirm your dependency graph carries no known vulnerabilities into the milestone you're shipping.

03

Independent Developers

Verify code generated by AI assistants or sourced from the community. Get a fast, objective check on third-party libraries before they enter your project.

Quick Start

Up and scanning in under 5 minutes.

Clone, sync dependencies with uv, and point VISaR at any public GitHub repository.

Prerequisites:

  • Python 3.12+
  • Docker Desktop (2 GB available memory)
  • GitHub personal access token with public_repo scope

# 1. Clone and sync
git clone https://github.com/AtLongLastAnalytics/visar
cd visar
uv sync

# 2. Scan a single repository
cd src/
uv run python main.py https://github.com/matplotlib/matplotlib

# 3. Batch scan from a list
uv run python main.py --batch ../repos.txt

# 4. Generate the interactive dashboard
uv run python dashboard.py
open ../data/dashboard.html

Need a private deployment or custom features?

Off-the-shelf scanning doesn't always fit highly regulated environments. We deploy VISaR inside your security boundary and extend it for your stack, compliance regime, and reporting workflows.

Talk to us about customisation