Deps
Fleet scans all registered apps for outdated packages (npm, Composer, pip), Docker image updates, runtime EOL warnings (via endoflife.date), and security vulnerabilities (via the OSV API). Results are cached and surfaced via the CLI, SSH MOTD, and Telegram notifications.
fleet deps
Show a dependency health dashboard from cached scan results.
Usage
fleet deps [app] [--json] [--severity <levels>] [--motd]Arguments
| Argument | Required | Description |
|---|---|---|
app | No | App name for per-app detail. Omit for summary. |
Flags
| Flag | Description |
|---|---|
--json | Output raw JSON |
--severity <levels> | Filter by comma-separated severity levels (e.g. critical,high) |
--motd | Output MOTD-formatted text for SSH login banners |
Examples
$ fleet depsDependency Health...summary of findings across all apps...$ fleet deps myappDeps: myapp...per-app findings...$ fleet deps --severity critical,highIf no scan data is present, fleet prompts you to run fleet deps scan first.
Related
- MCP tool:
fleet_deps_status
fleet deps scan
Run a fresh dependency scan across all registered apps. Results are saved to a local cache.
Usage
fleet deps scan [--quiet]Flags
| Flag | Description |
|---|---|
--quiet | Suppress output (useful in cron jobs) |
Examples
$ fleet deps scanScanning dependencies across all apps...✓ Scan complete: 12 findings across 3 apps (4200ms)
Dependency Health...If Telegram notifications are configured, fleet sends an alert for any new findings above the configured minimum severity.
Related
- MCP tool:
fleet_deps_scan
fleet deps fix
Create a pull request with dependency updates for an app. Dry-run by default.
Usage
fleet deps fix <app> [--dry-run]Arguments
| Argument | Required | Description |
|---|---|---|
app | Yes | App name |
Flags
| Flag | Description |
|---|---|
--dry-run | Preview the changes that would be made without creating a PR |
Examples
$ fleet deps fix myapp --dry-runDry run: myapp Would create branch: deps/update-2026-04-12 package.json: "express": "^4.18.0" -> "^4.21.0" package.json: "zod": "^3.20.0" -> "^3.24.0"$ fleet deps fix myapp✓ PR created: https://github.com/org/myapp/pull/55Related
- MCP tool:
fleet_deps_fix
fleet deps config
Show or set dependency monitoring configuration.
Usage
fleet deps config [set <key> <value>]Configurable keys
| Key | Description |
|---|---|
scanIntervalHours | How often automated scans run (default: 6) |
concurrency | Number of apps to scan in parallel |
Examples
$ fleet deps config{ "scanIntervalHours": 6, "concurrency": 3, "ignore": [], ...}$ fleet deps config set scanIntervalHours 12✓ Set scanIntervalHours = 12Related
- MCP tool:
fleet_deps_config
fleet deps ignore
Add an ignore rule to suppress a specific dependency finding.
Usage
fleet deps ignore <package> --reason "..." [--app <name>] [--until YYYY-MM-DD]Arguments
| Argument | Required | Description |
|---|---|---|
package | Yes | Package name to ignore |
Flags
| Flag | Description |
|---|---|
--reason "..." | Why this finding is being suppressed (required) |
--app <name> | Limit the ignore rule to a specific app |
--until YYYY-MM-DD | Auto-expire the rule on this date |
Examples
$ fleet deps ignore lodash --reason "Internal use only, not exposed" --app myapp✓ Ignoring lodash for myapp: Internal use only, not exposed$ fleet deps ignore some-pkg --reason "False positive" --until 2026-06-01✓ Ignoring some-pkg: False positiveRelated
- MCP tool:
fleet_deps_ignore
fleet deps init
Install automated dependency scanning: writes a cron job, installs a MOTD script for SSH login banners, and runs an initial scan.
Usage
fleet deps initWhat it does
- Writes config to
data/deps-config.json - Installs
/etc/update-motd.d/99-fleet-deps— displays a deps summary on SSH login - Installs
/etc/cron.d/fleet-deps— runsfleet deps scan --quieteveryscanIntervalHourshours - Runs an initial scan
Examples
$ fleet deps init✓ Config written to data/deps-config.json✓ MOTD script installed at /etc/update-motd.d/99-fleet-deps✓ Cron installed: every 6 hoursRunning initial scan...✓ Initial scan complete. Run: fleet deps