This repo analyses your code to determine what parts of your dependencies you use, and stores this in a file which can be picked up debricked.
This, combined with our information about what parts of dependencies are affected by CVEs, allows us to determine whether you use the parts of a dependency affected by a vulnerability, or if its safe to continue using the dependency in spite of the vulnerability.