Automate Dependency Vulnerability Identification
Tip: This check is currently under development and not yet implemented.
Description
Implement an automated process to identify dependencies with publicly disclosed vulnerabilities.
Details
- Default Category: dependency management
- Default Priority Group: P6
- C-SCRM: true
- Mitre: CWE-1395
- Mitre: M1016
- Sources: OWASP SCVS L1 5.4
- Sources: OpenSSF Scorecard
- Sources: OpenSSF Best Practices Badge Passing Level (dependency_monitoring)
- How To: GitHub Docs