marma.dev

A smarter way to track software versions

870 words - 5 min read
techrustdevopsproductivityself-promotion2025

NOTE

> This is a self-promotional article for a personal project. It is currently running in my work environment and helps me a lot. I hope it can help you too.

Prelude

At work, keeping track of software versions is a never-ending task. Repositories, container images, Helm charts. Some updates are mission-critical, demanding immediate action, while others require careful assessment before being unleashed upon production (or your unsuspecting teammates).

Initially, I managed updates manually:

  • Checking GitHub releases
  • Browsing DockerHub
  • Skimming ArtifactHub
  • Setting up RSS feeds and email alerts (because clearly, I love inbox chaos)

It was inconsistent and inefficient. Some tools had built-in notifications; others didn’t. There was no single source of truth, and, worst of all, updates slipped through the cracks. I needed a way to centralize version tracking and receive notifications where I actually needed them, preferably before my boss asked, "Hey, did you see this security advisory from last week?"

Veno – The missing piece in version tracking

That’s why I built Veno, a lightweight version tracker designed to bring order to the chaos of software updates.

Keeping track of versions shouldn’t feel like detective work. You shouldn’t have to scour multiple websites, set up redundant alerts, or wonder if you missed an update that could fix a critical vulnerability. Veno eliminates that uncertainty by consolidating software version tracking into a single, structured system that keeps you informed without overwhelming you.

WARNING

Veno is still in a verly early stage of development. There are still a lot of features missing.

So how does it work?

Veno watches over your software dependencies like an overcaffeinated release manager, checking multiple sources to track new versions of the artifacts you care about. But tracking alone isn’t enough, Veno makes sure you actually receive those updates where they matter. Whether that’s through email, Slack, webhooks, or another integration, you get notified in a way that fits your workflow. No more endless tabs, no more missed security patches.

You get the flexibility to decide when and how to update, without having to chase down version numbers across half the internet.

How to get started

We introduces two concepts: Artifacts and Notifiers.

  • Artifacts
    The software packages you want to track. These could be container images, Helm charts, libraries, or anything else that versioning chaos applies to.
  • Notifiers
    Where you want updates to be sent. You can fine-tune this per artifact, ensuring critical updates land in Slack, while less urgent ones show up in your inbox (or somewhere you’ll conveniently ignore).

Everything is stored in a single JSON config, making setup refreshingly simple.

Example

Let's say you want to track Rust version updates. You first need to define an artifact

[{
  "name": "Rust",
  "source": {
    "type": "github",
    "identifier": "rust-lang/rust"
  },
  "current_version": "1.82.0",
  "notifier": ["team_slack", "private_email"]
}],

Then you would need to define the notifiers you referenced in the notifier key in the artifact. Here we need two notifiers, one for the team_slack and one for the private_email.

[
  {
    "name": "private_email",
    "sink": {
      "type": "email",
      "host": "smtp.gmail.com",
      "username": "username",
      "password": "${EMAIL_PASSWORD}",
      "to": "recipient@somemail.com"
    }
  },
  {
    "name": "team_slack",
    "sink": {
      "type": "slack",
      "webhook": "..."
    }
  }
]

See the docs to find out more about the syntax and what is possible.

TIP

I recommend to use the binary as a cron job in your cluster, so you can get the updates in the right time.

Renovate – A familiar bame in the game

But what about Renovate?

Renovate is an excellent tool that automates dependency updates by creating pull requests based on predefined rules. It’s perfect for keeping repositories up-to-date without requiring human intervention. If you maintain a codebase with dozens of dependencies, Renovate is your friend, it ensures your project doesn’t stagnate on outdated versions while you’re off doing more important things.

However, automatic PRs aren’t always ideal:

  • When an update requires manual review (e.g., breaking changes, licensing issues)
  • When multiple artifacts need tracking across different environments
  • When the software isn’t in a repository but still needs monitoring (because not everything lives in a GitHub repo, despite what some engineers believe)

This is where Veno and Renovate complement each other.

A perfect pair

Veno acts as your early warning system, notifying you when a new version is available so you can assess its impact.
Renovate takes it a step further by automating dependency updates in repositories where PR-based updates make sense.

Together, they provide a flexible, automated update strategy, whether you prefer hands-on control, full automation, or a mix of both.

The future

What’s next for Veno?

  • More sources (GitLab, Bitbucket, NPM, etc.)
  • More notification options (Microsoft Teams, Discord, Rocket Chat, so you can be spammed wherever you like)
  • A web service & scheduling support

And a lot more! See the Issues and the Milestones for more info.

Try Veno Today!

Check it out on GitHub. Contributions, feedback, and feature requests are always welcome!

How do you currently track software updates? Would Veno + Renovate fit into your workflow, or are you still manually checking DockerHub like it’s the dark ages?