Hey Product Hunt! 👋
You know that moment when a critical CVE drops and you’re frantically checking if you’re affected? Or when you discover during a security audit that you have dozens of vulnerabilities in packages you didn’t even know you were using?
That’s why we built Trace-AI.
Here’s the reality: Most security tools tell you WHAT is vulnerable, but not WHERE it’s coming from or WHY it’s in your project. You see “requests 2.25.0 has CVE-XXXX” but then spend an hour digging through dependency trees trying to figure out which of your 15 services actually uses it and whether you installed it directly or if something else pulled it in.
What actually frustrated me as a developer:
- Spending more time investigating dependencies than fixing them
- Getting security alerts for packages I’ve never heard of (transitive dependency problems)
- Not knowing if I can safely upgrade without breaking something
- That panicked feeling when Log4Shell happened and we had to audit everything
If you’ve ever looked at your node_modules or site-packages folder and thought “I have no idea what half of this is,” this is for you.
Currently supported:
Languages: Python, JavaScript (Java launching next week | Go, Rust, Ruby coming soon)
Platforms: GitHub (GitLab and Bitbucket in the works)
Looking for your feedback:
Try it with 5 repos free (no card needed). Plus, the Product Hunt community gets 2 additional repos! Use the promo code in this launch. Let me know what breaks, what works, or what you’d want to see next.
Don’t see your language or platform? Reach out directly, we actively reprioritize our roadmap based on what teams actually need. If there’s demand, we’ll move it up the queue.
Follow along for updates, or drop your toughest questions. Real feedback from this community is what makes products better. 🙏
