Appcanary is joining GitHub

Find out more here

Appcanary joins github

Trusted by:

Logo cc
Logo eligible
Logo procore
Logo reactive
Logo curious
Logo yc

Don't find out about security vulnerabilities through Twitter or Hacker News.

Show your compliance auditors how effective you are at keeping your systems safe.

We’re currently tracking more than

61,103 vulnerabilities

over hundreds of thousands of packages:

Ruby gems like Rails, ActiveRecord, or multi_json

Linux packages like nginx, apache, or MongoDB
on Ubuntu, Debian, CentOS, and Amazon Linux



Our agent stays with your servers and checks up on them regularly.

It's very polite and discreet.

Check API


Check with us whenever you run tests, or submit pull requests.

Monitor API


Let us know whenever you deploy and we'll notify you later.

Works great with Docker and Heroku!


Canary map.medium

How it works

We keep track of which versions of what packages are vulnerable to which security vulnerabilities, so you don't have to.

We provide an open-source agent and an API. We monitor the packages you have installed on your Linux system by hooking into the package manager (i.e. apt or yum). We also monitor the libraries used by your Ruby or PHP applications by monitoring their package lock files.

You can upload files directly to our API endpoint, or through a web interface.

Platforms supported

  • Ubuntu - via apt
  • Debian - via apt
  • CentOS - via yum
  • Amazon Linux - via yum
  • Ruby - via Gemfile.lock
  • PHP - via composer.lock
  • More coming soon!


In 2012, Phill and Max started a security and web development consultancy together. In 2013, they cofounded Rubysec, an open-source project that catalogues all Ruby-related software vulnerabilities.

In 2015, they shuttered the consultancy to begin working on Appcanary. That summer they participated in Y Combinator.