Overview

The End of Life (EOL) feature is a crucial component of our code quality and security product. It provides a comprehensive dashboard to monitor and manage the lifecycle status of software dependencies. This feature helps developers and security teams proactively identify and update dependencies that are approaching or have reached their end-of-life, thereby mitigating potential security risks and maintaining code quality.

What is End of Life?

In the context of software dependencies, End of Life refers to the point in time when a software component no longer receives updates or patches, including critical security fixes. Once a dependency reaches its end of life, it is no longer safe to use in production as it may expose the application to vulnerabilities and compliance issues.

Supported Data

The EOL dashboard utilizes data from the endoflife.date database, which is sponsored by Datadog and Netlify. It provides up-to-date information on the lifecycle status of various software packages. The dashboard supports the following data:

  • Current version: Displays the latest stable version of each package.
  • Release dates: Shows the release history and dates for each version.
  • EOL dates: Indicates the projected or confirmed end-of-life dates for each version.

Scope of Tracking

Our EOL feature tracks a wide array of packages across different ecosystems, including but not limited to:

  • Programming languages like Python, Java, and Ruby
  • Frameworks such as Django, React, and Angular
  • Key libraries used in various development environments

Currently, the dashboard provides lifecycle data for 335 packages, ensuring comprehensive coverage and aiding in effective dependency management.

Additional Features

Besides tracking end-of-life dates, the EOL dashboard offers several other features to enhance its utility:

  • Security Alerts: Notifies users of any security vulnerabilities associated with outdated or EOL dependencies.
  • Integration with pull requests: Seamlessly integrates with pull requests to ensure dependencies are consistently monitored and managed.
  • Customizable Alerts: Allows users to set custom thresholds and notifications for approaching EOL dates, ensuring they are never caught off guard.
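
The lifecycle check behind a custom EOL threshold can be sketched as follows. This is an added example, not the product's own implementation: the function names, the `warn_days` threshold and the sample records are assumptions, with the records constructed in the shape of endoflife.date's per-product JSON (`cycle`, `releaseDate`, `eol`, `latest`), where `eol` is either a date or a boolean.

```python
from datetime import date

# Constructed sample records in the shape of endoflife.date's per-product
# JSON. Product, versions and dates are illustrative, not real data.
SAMPLE_CYCLES = [
    {"cycle": "3.0", "releaseDate": "2024-01-10", "eol": False, "latest": "3.0.4"},
    {"cycle": "2.2", "releaseDate": "2023-01-15", "eol": "2025-03-01", "latest": "2.2.9"},
    {"cycle": "2.1", "releaseDate": "2022-01-20", "eol": "2024-02-01", "latest": "2.1.12"},
    {"cycle": "2.0", "releaseDate": "2021-01-05", "eol": True, "latest": "2.0.7"},
]


def find_cycle(version, cycles):
    """Return the record whose cycle is the longest dotted prefix of version."""
    parts = version.split(".")
    by_name = {str(c["cycle"]): c for c in cycles}
    for n in range(len(parts), 0, -1):
        rec = by_name.get(".".join(parts[:n]))
        if rec is not None:
            return rec
    return None


def eol_status(version, cycles, today, warn_days=90):
    """Classify a pinned version as eol / approaching / supported / unknown.

    Returns (status, days_left); days_left is None when no date is known.
    """
    rec = find_cycle(version, cycles)
    if rec is None:
        return ("unknown", None)   # untracked cycle: surface it, do not assume safe
    eol = rec.get("eol")
    if isinstance(eol, bool):      # boolean form: no date published for this cycle
        return ("eol" if eol else "supported", None)
    if not isinstance(eol, str):
        return ("unknown", None)
    days_left = (date.fromisoformat(eol) - today).days
    if days_left <= 0:             # the EOL date itself counts as end of life
        return ("eol", days_left)
    if days_left <= warn_days:
        return ("approaching", days_left)
    return ("supported", days_left)
```

Treating an unmatched version as `unknown` rather than `supported` keeps untracked dependencies visible for review instead of silently passing the check.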