zet

Dependencies scanning

Dependencies check for software is very important thing to catch vulnerabilities as fast as possible.

Vulnerabilities are introduced through plugins, libraries etc.

Most popular ones in industry is Snyk and Dependabot(GitHub) Snyk Scans:

Also, popular alternative is to use AquaSecurity open source tool: Trivy Have GitHub Actions, good integration with GitHub Security section.