Getting started

Sign up, add your first library, and learn what Audito does for you.

What Audito does

Audito is a dependency-security dashboard. You add the libraries (or applications) you ship, Audito tracks their dependencies against OSV and the GitHub Advisory Database, and the findings inbox shows you what's open with severity, drift, and license context — without you running anything locally.

Sign up

  1. Open the landing page and click Get started.
  2. Sign up with email or an SSO provider. Audito uses Clerk; if your team has an organization, ask an admin to invite you so your data is workspace-scoped.
  3. After confirming, you land on /dashboard with an empty posture.

Add your first library

There are two paths into the inventory:

  • Manual: /dashboard/libraries → New library → Add manually. Give it a name (e.g. web-app or payments-service) and add at least one (ecosystem, package, version) row. This is the right path when you want to watch a single dependency or hand-curate a small list.
  • Upload an SBOM or manifest — same dialog, Upload tab. We accept package.json, package-lock.json, requirements.txt, pyproject.toml, CycloneDX JSON, and a few conda flavors. Audito parses the file, dedupes entries, and previews what will be imported before you commit. See SBOM imports for the full list.
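To make the import step concrete, here is an added example (not Audito's own parser) that turns a package-lock.json and a requirements.txt into the (ecosystem, package, version) rows the manual dialog expects, dedupes them the way the preview would, and assembles the OSV querybatch body such a scan would send. The function names and sample files are constructed for illustration; the request shape matches the public OSV API, but nothing is sent.

```python
import json
import re

# Constructed sample inputs (not real project files).
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "web-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "web-app", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/express": {"version": "4.18.2"},
        "node_modules/express/node_modules/lodash": {"version": "4.17.20"},
        "node_modules/@scope/pkg": {"version": "2.0.0"},
    },
})
SAMPLE_REQUIREMENTS = """
# constructed requirements.txt
requests==2.31.0
urllib3==1.26.18   # pinned
flask>=2.0         # unpinned: no exact version to check
requests==2.31.0
"""

def rows_from_package_lock(text: str) -> list[tuple[str, str, str]]:
    """lockfileVersion 2/3 package-lock.json -> (ecosystem, package, version) npm rows."""
    rows = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "":                            # root project entry, not a dependency
            continue
        name = path.split("node_modules/")[-1]    # keeps @scope/pkg intact
        rows.append(("npm", name, meta["version"]))
    return rows

def rows_from_requirements(text: str) -> list[tuple[str, str, str]]:
    """Only exact pins (==) give a checkable version; comments and ranges are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"([A-Za-z0-9_.\-]+)\s*==\s*(\S+)", line)
        if m:
            rows.append(("PyPI", m.group(1).lower(), m.group(2)))
    return rows

def dedupe(rows):
    """First occurrence of each (ecosystem, package, version) wins; order is preserved."""
    return list(dict.fromkeys(rows))

def osv_querybatch(rows) -> dict:
    """Body for POST https://api.osv.dev/v1/querybatch; built here, not sent."""
    return {"queries": [{"package": {"ecosystem": e, "name": n}, "version": v}
                        for e, n, v in rows]}
```

Unpinned ranges such as flask>=2.0 are dropped on purpose: without a resolved version there is nothing to check against OSV, which is why a lockfile gives better coverage than a loose manifest.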

What happens after import

The moment a dependency lands, Audito kicks off a background scan. That scan:

  • Resolves each dependency's "latest" version against its registry.
  • Cross-checks the resolved version against OSV vulnerability data.
  • Snapshots the per-library posture (open / accepted / dismissed counts).

Scans typically finish in a few seconds for small libraries, longer for big SBOMs. You don't need to keep the page open — the activity feed records the job, and the dashboard refreshes once it lands.

Where findings appear

  • /dashboard — the posture hero shows total open findings by severity and the trend line over the last few weeks.
  • /dashboard/findings — the global inbox. Filter by status, severity, or library; expand a row to see refs and the full triage history. See Triage for the full workflow.
  • /dashboard/libraries/[id] — the per-library page lists open findings next to the dependency that produced them, with the same triage controls.

That's the loop: import once, watch the dashboard, triage from the inbox.

Next steps

  • Read Concepts to understand the data model in one page.
  • Configure your License policy so SPDX violations show up alongside CVEs.
  • If you live in Claude Code, set up the MCP server and query Audito without leaving the editor.