Mar 28, 2026
Continuous CVE Monitoring and Alerts
New CVEs get published every day. DeepSource now monitors multiple vulnerability databases continuously and re-scans affected repositories automatically, so you know about new risks as soon as they're disclosed, not just when you push code.
Periodic SCA Scanning
DeepSource now polls multiple vulnerability databases every hour across several package ecosystems. When a newly published CVE matches a dependency in your codebase, affected repositories are automatically re-scanned in the background.
Sources we monitor:
- GitHub Advisory Database
- PyPI Advisory Database
- Go Vulnerability Database
- Rust Advisory Database
- Python Software Foundation Database
- OpenSSF Malicious Packages
Vulnerability Email Alerts
When new vulnerabilities are detected, DeepSource sends a digest email to your organization admins. Each alert includes:
- Total new vulnerabilities and the number of affected repositories
- A severity breakdown (Critical, High, Medium, Low)
- Vulnerabilities grouped by repository and lockfile, with package name, CVE identifier, and CVSS score
The AI Code Review Platform for fast-moving teams and their agents.
Quickstart with
14-day free trial, no credit card needed For growing teams and enterprises