Dependency scanning identifies known vulnerabilities in third-party packages. Tools include Dependabot, Snyk, npm audit, and Trivy. Software composition analysis (SCA) tracks transitive dependencies. Supply chain security includes lock files, signed packages, SBOM generation, and policies for acceptable vulnerability thresholds.
The 5-Mode Loop
5 of 5 modes available
Read · See · Animate · Test · Build