Latest commit

d6e5379 · Jun 18, 2023

History

History

20220213072247

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Jun 18, 2023

Dependencies scanning

Checking software dependencies is very important for catching vulnerabilities as fast as possible.

Vulnerabilities are introduced through plugins, libraries, etc.

The most popular tools in industry are Snyk and Dependabot (GitHub).

Snyk scans:

  • containers
  • dependencies
  • Terraform code
  • Auto fixes

Dependabot does only dependency checks. It's on by default on GitHub, and only available on GitHub.

Another popular alternative is Aqua Security's open source tool, Trivy. It has GitHub Actions and good integration with the GitHub Security section.
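
A workflow sketch of that integration, added here as an example and not taken from the original note: it runs Trivy's filesystem scan against the repository's dependency manifests and uploads the SARIF report so findings show up in the repository's Security section. The workflow name, file path, branch name, and schedule are assumptions.

```yaml
# .github/workflows/trivy.yml  (file name is an assumption)
name: trivy-dependency-scan

on:
  push:
    branches: [main]        # assumed default branch
  pull_request:
  schedule:
    # Weekly rescan: new advisories get published against dependencies
    # that have not changed since the last push.
    - cron: "0 6 * * 1"

# Least privilege for the job token.
permissions:
  contents: read
  security-events: write    # needed to upload SARIF to code scanning

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Scan dependency manifests and lockfiles with Trivy
        # Pin to a release tag or commit SHA in real use; a moving ref
        # is itself a supply-chain risk.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs           # filesystem scan of the checked-out repo
          scan-ref: .
          scanners: vuln          # vulnerabilities only, no secret/misconfig checks
          format: sarif
          output: trivy-results.sarif

      - name: Upload results to the GitHub Security section
        if: always()              # still upload if the scan step failed
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```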