Vultra is a vulnerability aggregator that checks your project’s dependencies against known vulnerability databases. It then reports key information—such as vulnerability type, severity, and the patched version, if available.
Currently, Vultra supports the following dependency management frameworks:
- Maven (mvn)
- Node Package Manager (npm)
Vultra was built for the ECS 260 Software Engineering course at UC Davis (Winter Quarter 2025).
On Linux / WSL, run:
sudo apt install python3
sudo apt-get install python3-pip
sudo apt install maven
sudo apt install npm- Set up the environment:
python -m venv venv- On Linux / WSL, run:
source venv/bin/activateOn Windows, run:
.\venv\Scripts\activate- Install requirements:
pip install .- Configure GitHub Access Token (required) Generate a GitHub Personal Access Token and configure it as instructed below: On Linux / WSL, run:
export GITHUB_ACCESS_TOKEN=<your-access-token>On Windows, set configure GITHUB_ACCESS_TOKEN in environment variables.
$env:GITHUB_ACCESS_TOKEN = "<your-access-token>"On Linux / WSL, run
python src/main.py --framework <your-framework> --file <path/to/dependency/file>