Frequently Asked Questions

Li'nage Cloud is a software supply chain intelligence platform that provides deep visibility into your dependencies, APIs, and architecture. Unlike traditional dependency scanners that produce flat lists, Li'nage creates an interactive 3D graph visualization that shows relationships, impact paths, and risk propagation across your entire software ecosystem. It's designed for engineering teams who need to understand their software at scale—not just list packages, but truly comprehend how everything connects.

Those tools focus on vulnerability detection—they scan packages against CVE databases and alert you to known issues. Li'nage complements these by providing the context layer: organizational visibility (which of your 50 services uses this vulnerable package?), impact analysis (if we upgrade this library, what breaks?), and architecture intelligence (how does data flow through our APIs?). Think of vulnerability scanners as the 'what's broken' tool; Li'nage is the 'what does it mean and how do we fix it safely' platform.

The quickest path is: 1) Create a free account, 2) Install our CLI with `npm install -g @linage/cli`, 3) Run `linage ingest` in any project directory. Within minutes, your dependency graph appears in the dashboard. For CI/CD integration, you can add a single line to your GitHub Actions or GitLab CI pipeline. We also support manual file upload for air-gapped environments.

Yes. Our free tier includes up to 3 projects, 1 workspace, and access to the 3D dependency graph with basic analytics. This is a genuine production-ready tier, not a limited trial—you can use it indefinitely. Paid tiers add features like cross-project impact analysis, team workspaces, API access, and enterprise integrations.

No. Li'nage Cloud only processes metadata: manifest files (package.json, requirements.txt, go.mod), lock files, and optionally API specifications. We never clone your repository, never execute your code, and never store source files. Your intellectual property and proprietary logic remain entirely on your infrastructure. We've designed the system this way intentionally because we believe supply chain intelligence shouldn't require surrendering your code.

All data is stored in Azure data centers (US regions by default, with EU options for Enterprise customers). Data is encrypted at rest using AES-256 and in transit using TLS 1.3. We maintain logical isolation between tenants—your data is never commingled with other organizations. Database access is restricted to service accounts with least-privilege permissions, and all access is logged for audit purposes.

Li'nage Cloud is built according to SOC 2 Type I principles with Type II certification in progress. We incorporate controls from ISO 27001 and follow OWASP security guidelines throughout development. For Enterprise customers, we provide detailed security questionnaires, penetration test reports, and can accommodate specific compliance requirements through our security review process.

Absolutely. You can delete individual projects through the dashboard, which removes all associated dependency data, version history, and analytics. Full account deletion removes everything including audit logs after a 30-day grace period. For compliance scenarios requiring immediate deletion, contact support for expedited processing. We provide deletion certificates upon request.

Never for commercial purposes. We use infrastructure providers (Azure, Vercel) necessary to operate the service. We do not sell data, do not use your dependency information for benchmarking or research without explicit consent, and do not integrate with third-party analytics platforms that could expose your software composition. Our privacy policy details the limited, operational-only data sharing that occurs.

We support all major ecosystems: JavaScript/TypeScript (npm, yarn, pnpm), Python (pip, poetry, pipenv), Go (modules), Rust (Cargo), Java (Maven, Gradle), .NET (NuGet), Ruby (Bundler), and PHP (Composer). Support for additional ecosystems is added based on customer demand. Our parser architecture is extensible—Enterprise customers can request custom parsers for internal package formats.

The graph uses force-directed layout algorithms running on WebGL via Three.js. Each package becomes a node; each dependency relationship becomes an edge. We simulate physical forces—nodes repel each other to prevent overlap, connected nodes attract each other to form clusters. The result is a layout where related components naturally group together. You can rotate, zoom, search, filter by risk level, and click any node to see its full dependency tree and dependent services.

Yes, this is the recommended approach. Our CLI integrates with GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure DevOps, and any system that can run shell commands. The basic integration is a single command: `linage ingest --project <name>`. We also support webhooks for event-driven updates when new versions are published. The ingestion process typically completes in under 30 seconds for projects with 1000+ dependencies.

Blast radius analysis answers the question: 'If this component fails or changes, what else is affected?' We traverse the dependency graph from a selected node, identifying all downstream consumers. For vulnerability remediation, this shows which services need patching. For upgrades, it predicts what might break. The analysis includes direct dependents, transitive dependents, and—uniquely—cross-project dependencies when your organization has multiple services in Li'nage.

Currently, Li'nage focuses on supply chain intelligence rather than vulnerability scanning. We integrate with and complement tools like Snyk and Trivy. However, when you import vulnerability data (via integration or API), Li'nage enhances it with organizational context: not just 'this CVE exists' but 'this CVE affects 15 of your services, owned by 3 different teams, and the fastest remediation path is updating the shared auth library.' Vulnerability scanning as a native feature is on our roadmap.

Yes. Every ingestion creates a versioned snapshot of your dependency state. You can view historical graphs, compare versions side-by-side, and track how your dependency tree has evolved over time. This is valuable for audits ('what was deployed on this date?'), incident investigation ('when did this problematic package enter our tree?'), and compliance reporting.

Organizations are your top-level container—typically one per company. Within an organization, you can create multiple workspaces to group related projects (by team, by product line, by environment). Each workspace has its own members and permissions. Projects live within workspaces. This hierarchy allows flexible access control: a developer might have full access to their team's workspace but read-only access to shared infrastructure projects.

We support Owner (full control including billing and member management), Admin (project and workspace management), Member (view and ingest), and Viewer (read-only access). Permissions are inherited: workspace-level roles apply to all projects within. Enterprise plans support custom roles with granular permission sets for scenarios like 'can ingest but cannot delete' or 'can view graphs but not export data.'

Yes. You can invite users by email to specific workspaces with appropriate role assignment. External collaborators only see the workspaces they're explicitly invited to. For vendor access or auditor scenarios, we recommend creating a dedicated workspace with the specific projects they need to review, then inviting them as Viewers.

We offer tiered pricing based on number of projects and features. The Free tier includes 3 projects with core graph functionality. Pro adds unlimited projects, API access, and cross-project analysis. Enterprise adds SSO, custom integrations, dedicated support, and compliance features. All paid plans include a 14-day free trial. Pricing is per-organization, not per-user—add as many team members as you need without per-seat costs.

We accept all major credit cards (Visa, Mastercard, American Express) via Stripe. For Enterprise customers, we also support invoicing with NET-30 terms, wire transfer, and local payment methods in select regions. Pakistan-based customers can use JazzCash for local currency payments.

Yes, at any time through the billing settings. Downgrades take effect at the end of your current billing period. If you exceed the free tier limits after downgrading (e.g., have 10 projects but downgrade to free), you'll retain read-only access to all data but cannot ingest new versions until you reduce to 3 projects or upgrade. We never delete your data due to plan changes.

First, ensure you have the correct manifest and lock files in your project root. The CLI looks for standard locations (package.json + package-lock.json for npm, requirements.txt or pyproject.toml for Python, etc.). Run `linage debug` to see exactly what files the CLI detects. Common issues: missing lock file (we need exact versions, not just ranges), uncommitted changes not reflected in checked files, or non-standard project structure requiring explicit configuration.

The 3D graph requires WebGL support in your browser. Try: 1) Using Chrome, Firefox, or Edge (Safari has limited WebGL support), 2) Ensuring hardware acceleration is enabled in browser settings, 3) Closing other GPU-intensive applications. If you see 'context lost' errors, this usually indicates GPU memory exhaustion—try with fewer visible nodes by using the filter controls.

Verify your API key is correctly configured (Settings → API Keys). Check that the key has the required scopes for your operation—read operations need 'read' scope, ingestion needs 'write' scope. Keys are scoped to organizations; ensure you're using a key from the correct organization. If the key was recently created, allow 30 seconds for propagation. Regenerating the key will invalidate the old one immediately.