All dependencies are scanned, including transitive dependencies, also known as nested dependencies.

Dependency Scanning is often considered part of Software Composition Analysis (SCA). SCA can contain aspects of inspecting the items your code uses. These items typically include application and system dependencies that are almost always imported from external sources, rather than sourced from items

Dependency Scanning can run in the development phase of your application's life cycle. When a pipeline runs, vulnerabilities are identified and compared between the source and target branches. Vulnerabilities and their severity are listed in the merge request, enabling you to proactively address the risk to your application, before the code change is committed. Vulnerabilities can also be identified outside a pipeline by

To cover as much of your risk area as possible, GitLab offers both Dependency Scanning and Container Scanning to ensure coverage for all of these dependency types.
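The source-versus-target comparison described above can be sketched as follows. This is an added example, not GitLab's code: the report layout (`vulnerabilities`, `severity`, `identifiers`, `location.dependency.package.name`) is an assumed, simplified dependency scanning report, and every identifier, package name and helper function is constructed for illustration.

```python
# Added example, not GitLab's implementation. The report layout is an assumed,
# simplified dependency scanning JSON report; all sample data is constructed.
SEVERITIES = ["Critical", "High", "Medium", "Low", "Info", "Unknown"]


def finding_key(vuln):
    """Identify a finding by primary identifier, package name and manifest file.

    The version is left out on purpose: bumping a package to another affected
    version must not appear as one resolved plus one new finding.
    """
    loc = vuln["location"]
    ident = vuln["identifiers"][0]
    return (ident["type"], ident["value"], loc["dependency"]["package"]["name"], loc["file"])


def severity_rank(vuln):
    """Sort position of a finding; unrecognised severities sort last."""
    sev = vuln.get("severity", "Unknown")
    return SEVERITIES.index(sev) if sev in SEVERITIES else len(SEVERITIES)


def compare_reports(target, source):
    """Return (introduced, resolved) findings, most severe first."""
    old = {finding_key(v): v for v in target.get("vulnerabilities", [])}
    new = {finding_key(v): v for v in source.get("vulnerabilities", [])}
    introduced = sorted((new[k] for k in new.keys() - old.keys()), key=severity_rank)
    resolved = sorted((old[k] for k in old.keys() - new.keys()), key=severity_rank)
    return introduced, resolved


def make_finding(ident, package, version, severity, file="package-lock.json"):
    """Build one constructed finding in the assumed report layout."""
    return {"severity": severity,
            "identifiers": [{"type": "placeholder", "value": ident}],
            "location": {"file": file,
                         "dependency": {"package": {"name": package}, "version": version}}}


# Constructed reports: placeholder identifiers, hypothetical package names.
TARGET_REPORT = {"vulnerabilities": [
    make_finding("PLACEHOLDER-0001", "example-parser", "1.2.0", "Medium"),
    make_finding("PLACEHOLDER-0002", "example-http", "0.9.1", "High"),
]}
SOURCE_REPORT = {"vulnerabilities": [
    make_finding("PLACEHOLDER-0001", "example-parser", "1.2.1", "Medium"),  # bumped, still affected
    make_finding("PLACEHOLDER-0003", "example-yaml", "3.0.0", "Low"),
    make_finding("PLACEHOLDER-0004", "example-nested-util", "2.4.0", "Critical"),  # nested dependency
]}
INTRODUCED, RESOLVED = compare_reports(TARGET_REPORT, SOURCE_REPORT)
```

Only findings absent from the target branch are reported as introduced, so the unchanged `PLACEHOLDER-0001` finding does not reappear as new even though the package version moved.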