Dependency Scanning analyzes your application's dependencies for known vulnerabilities. All dependencies are scanned, including transitive dependencies, also known as nested dependencies.

Dependency Scanning is often considered part of Software Composition Analysis (SCA). SCA can contain aspects of inspecting the items your code uses. These items typically include application and system dependencies that are almost always imported from external sources, rather than sourced from items

Dependency Scanning can run in the development phase of your application's life cycle. When a pipeline runs, vulnerabilities are identified and compared between the source and target branches. Vulnerabilities and their severity are listed in the merge request, enabling you to proactively address the risk to your application before the change is merged into the target branch.

Vulnerabilities can also be identified outside a pipeline by

Related topics:

- Requirements for offline dependency scanning
- Make GitLab dependency scanning analyzer images available inside your Docker registry
- Support for Custom Certificate Authorities
- Set dependency scanning CI/CD job variables to use local dependency scanning analyzers
- Hosting a copy of the gemnasium_db advisory database
- Specific settings for languages and package managers
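The offline topics listed above all come down to a handful of CI/CD variables on top of the Dependency Scanning template. The following .gitlab-ci.yml is an added example written for this page; it is not code from the original page or from GitLab's own documentation. The registry hostname, the advisory-database mirror URL and the INTERNAL_CA_BUNDLE variable name are assumptions; the variable names SECURE_ANALYZERS_PREFIX, GEMNASIUM_DB_REMOTE_URL, GEMNASIUM_DB_REF_NAME, ADDITIONAL_CA_CERT_BUNDLE and DS_EXCLUDED_ANALYZERS are the ones the template reads.

```yaml
# Added example (not from the original page or from GitLab itself):
# a minimal .gitlab-ci.yml that runs Dependency Scanning on runners without
# internet access. Hostnames, URLs and the CA-bundle variable are assumptions.
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml

variables:
  # Pull analyzer images from an internal mirror instead of registry.gitlab.com.
  # The template resolves images as "$SECURE_ANALYZERS_PREFIX/<analyzer>:<tag>",
  # so the mirror must keep the same repository names (e.g. .../gemnasium).
  SECURE_ANALYZERS_PREFIX: "registry.example.internal/security-products"   # assumed host

  # Point the gemnasium analyzers at a locally hosted copy of the advisory
  # database instead of the public gemnasium-db repository.
  GEMNASIUM_DB_REMOTE_URL: "https://git.example.internal/mirrors/gemnasium-db.git"  # assumed mirror
  GEMNASIUM_DB_REF_NAME: "master"   # branch of the mirror to check out (assumed)

  # Trust the private CA that fronts the mirrors above. INTERNAL_CA_BUNDLE is an
  # assumed project CI/CD variable holding the PEM bundle text.
  ADDITIONAL_CA_CERT_BUNDLE: "$INTERNAL_CA_BUNDLE"

  # Language-specific tuning: skip analyzers the project does not need, so the
  # job does not fail trying to pull an image that was never mirrored.
  DS_EXCLUDED_ANALYZERS: "gemnasium-python"
```

Two checks before relying on this in a merge request: confirm that every analyzer image the template selects for your lockfiles actually exists under SECURE_ANALYZERS_PREFIX (a missing image fails the job rather than silently scanning nothing), and keep the gemnasium-db mirror refreshed, because a stale advisory database yields a clean report that simply does not know about newer CVEs. The source-versus-target comparison in the merge request also needs a scan result on the target branch, so the pipeline must run on the default branch as well as on feature branches.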