Quickstart

This guide walks you from a fresh Depswright account to a monitored repo with CI integration. Most engineers finish in under 18 minutes.

1. Install the CLI

The CLI is the fastest way to get started. Install via npm:

npm install -g @depswright/cli

Or use Homebrew on macOS:

brew tap depswright/tap
brew install depswright

Verify the install:

depswright --version

2. Create an account and connect your repo

Go to depswright.com/login/signup and create a free account. Then run:

depswright init

This opens a browser window to authorize the CLI with your account. After authorization, follow the prompt to link a repository.

Alternatively, install the Depswright GitHub App directly from GitHub Marketplace for a web-only setup (no CLI required).

3. Run your first scan

cd /path/to/your/project
depswright scan

Depswright reads your lockfile(s) — package-lock.json, Pipfile.lock, Cargo.lock, go.sum, etc. — resolves the full transitive graph, and prints a summary. A shareable report link is included in the output.
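
Because the scan works from lockfiles, it helps to know which manifests in the tree have none before relying on the summary. The pre-flight check below is an added example, not part of Depswright or its CLI. The function names are hypothetical, and the manifest-to-lockfile pairs are the usual ecosystem conventions for the lockfiles named above.

```shell
#!/bin/sh
# Added example, not Depswright code: list manifests that have no lockfile.
# Conventional manifest:lockfile pairs for the lockfiles named in this guide.
PAIRS="package.json:package-lock.json Pipfile:Pipfile.lock Cargo.toml:Cargo.lock go.mod:go.sum"

# has_lock DIR LOCK ROOT: succeed if LOCK exists in DIR or in any parent up to
# ROOT (npm and Cargo workspaces keep a single lockfile at the workspace root).
has_lock() {
    dir=$1
    while :; do
        [ -f "$dir/$2" ] && return 0
        [ "$dir" = "$3" ] && return 1
        dir=$(dirname "$dir")
    done
}

# missing_lockfiles ROOT: print, relative to ROOT, every manifest without a
# lockfile. Installed and build directories are skipped.
# Note: a Go module with no dependencies legitimately has no go.sum.
missing_lockfiles() {
    root=$(cd "$1" && pwd) || return 2
    for pair in $PAIRS; do
        manifest=${pair%%:*}
        lock=${pair#*:}
        find "$root" \( -name node_modules -o -name vendor -o -name target \
                -o -name .git \) -prune -o -type f -name "$manifest" -print |
        while IFS= read -r path; do
            has_lock "$(dirname "$path")" "$lock" "$root" || echo "${path#"$root"/}"
        done
    done
}

# When saved as a script: sh check-lockfiles.sh /path/to/your/project
if [ $# -gt 0 ]; then
    missing_lockfiles "$1"
fi
```

Empty output means every manifest found has a lockfile in its own directory or a parent directory.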

4. Add to GitHub Actions

Create .github/workflows/deps.yml:

name: Dependency audit

on: [push, pull_request]

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Depswright scan
        uses: depswright/action@v2
        with:
          api_key: ${{ secrets.DEPSWRIGHT_KEY }}
          fail_on: critical
          annotate_pr: true

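Add your API key from the Depswright dashboard as a GitHub secret named DEPSWRIGHT_KEY. GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so the key is unavailable to the scan step on those runs.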

5. Set up Slack alerts

Add a depswright.yml to your repo root (Team plan and above):

version: 1
monitor:
  schedule: "0 9 * * *"
  notify:
    slack_webhook: ${{ secrets.SLACK_HOOK }}

GitLab CI

Add to your .gitlab-ci.yml:

depswright:
  image: node:20
  script:
    - npm install -g @depswright/cli
    - depswright scan --api-key "$DEPSWRIGHT_KEY" --fail-on critical
  only:
    - merge_requests
    - main

Jira integration

In depswright.yml:

monitor:
  notify:
    jira:
      project: ENG
      issue_type: Bug
      priority_map:
        critical: High
        warning: Medium

Provide your Jira credentials via the Depswright dashboard under Settings → Integrations.