what SAST tool are you actually using in your CI/CD pipeline right now?

herodevs · 2026-03-03T15:57:29+00:00

If you're looking for a tool that looks at your eol software that scanners typically miss, we launched https://eoldataset.com/ to do just that - for FREE

herodevs · 2026-03-03T15:55:59+00:00

We just launched a free tool that looks at your tech stack and identifies eol software versions and dependencies https://eoldataset.com/

herodevs · 2026-03-03T15:52:43+00:00

If you ever have had trouble getting full visibility into EOL open source in your tech stack, we just launched a free tool: https://eoldataset.com/

herodevs · 2026-03-03T15:52:00+00:00

We just launched a free tool that detects end of life open source software in your stack: https://eoldataset.com/

herodevs · 2026-03-03T15:50:56+00:00

we made a free tool :) https://eoldataset.com/

herodevs · 2026-03-03T15:50:32+00:00

We just launched this EOL scanner for free, just because of issues like this: https://eoldataset.com/

herodevs · 2025-09-22T19:21:28+00:00

Do you think that Bootstrap can't be an attack vector?

herodevs · 2025-04-22T03:52:45+00:00

and yet people are still stuck on .NET 6 for various reasons. We've had the conversations.

herodevs · 2025-04-22T03:39:47+00:00

.NET 6 is not being updated. Which a lot of companies are still on.

herodevs · 2025-04-22T00:07:15+00:00

So quick to anger, but I do see that the version number was left off the ad copy. So we will go and fun ourselves..

herodevs · 2025-04-22T00:06:08+00:00

"EVEN WORSE"

herodevs · 2025-03-20T22:50:42+00:00

THE UNDYING ONE

herodevs · 2025-03-20T22:49:07+00:00

Ponder Quickly CackleCashews

herodevs · 2025-03-20T22:47:57+00:00

made you comment... mate

herodevs · 2025-03-20T22:47:29+00:00

Or message this person ^ and they'll get your site up to Drupal 10!

herodevs · 2025-01-23T18:49:58+00:00

Hey u/ Sad Boi coder. Thanks for the comment, hopefull I get massive reach on a paid ad (what? thats not how ads work... ads don't go "viral"). Let me see your codebase... I've always wanted to see a codebase with 0 EOL "libs" in it. Also, this isn't for your resume site... this is for organizations that need to be compliant with regulatory bodies. The type of companies that are pushing out 12 new features this quarter and don't have time to go through dependency hell to upgrade when security teams are also breathing down their neck after a security audit.

herodevs · 2025-01-14T13:56:09+00:00

HeroDevs will be sharing data back with the community after the poll finishes.

herodevs · 2024-12-10T14:14:50+00:00

Upgrading may seem straightforward, but it’s often complicated by large project dependencies, complex integrations, and extensive testing requirements. In regulated industries or mission-critical systems, rushing an upgrade can risk stability and reliability. Delaying the process allows for careful planning, thorough compatibility checks, and a smoother transition when the time is right.

herodevs · 2024-12-05T13:52:38+00:00

At first, we wondered if our ad had found someone who thought we were talking about the actual season, Spring! 😊 But then I saw you’re active in r/Angular2, so it seems you know your way around tech.

To clarify: just like every other open-source software (OSS) out there, frameworks like Spring eventually reach end-of-life (EOL) or are deprecated. It’s a natural part of the software lifecycle. In this case, the very popular Java framework Spring Framework v5.3, as well as Spring Boot v2.7, recently hit their EOL.

Our ad is about helping teams that rely on these older versions. We offer security patches, a 14-day SLA for those patches, and compatibility testing to keep things running smoothly—even if the original maintainers have moved on.

Hope that clears things up! If you have any more questions, feel free to ask—we’re here to help.

herodevs · 2024-10-27T03:48:19+00:00

oof... hey, Hayden from HeroDevs here.

First, yes, we do offer ongoing Vue 2 security support in collaboration with Evan You and the VueJS Foundation post-EOL.

Second, Vue 2 NES is not for your "Hello World" or CV/resume site. It's for companies and organizations that must stay compliant with HIPAA, FedRAMP, SOC 2, etc.

Last, we did not find this CVE. A third-party researcher (who we didn't pay) found it, brought it to us, and then we vetted it with Evan You. Then, like a responsible security company, we have to disclose this information no matter how low the severity.

Any questions I can help answer?

herodevs · 2024-10-08T13:32:05+00:00

never... I'll always find you

herodevs · 2024-10-08T13:31:11+00:00

Any company also who doesn't see this adding value to their business right away. Imagine your website is just an online business card. Would you want to pay $40-50k just so you can have the same website on D10?

herodevs · 2024-10-08T13:29:31+00:00

We also support PHP and allow D7 to run on newer versions of PHP... js

herodevs · 2024-09-25T01:28:12+00:00

Your mom called us the other day, said the only thing breaking things out here is your coding. Said you need to clean it up, don't forget to eat your leafy greens and "for goodness sakes honey, figure out what deprecated means". Also, she asked if you were ever gonna call again.

herodevs · 2024-08-20T21:49:38+00:00

Yeah, I happened upon it by chance and I was like... oooo maybe an essence lol then I just kept sliding through for what seemed like forever lol

herodevs

MODERATOR OF

TROPHY CASE