Add Software Composition Analysis (SCA) in the CI #39

Open
hoaraujerome opened this issue May 4, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

Owner

hoaraujerome commented May 4, 2023

Trivy
https://pipelines.devops.aws.dev/application-pipeline/ri-cdk-pipeline/#build

Mend SCA (software composition analysis), previously Whitesource, helps detect open-source software dependencies by identifying if they are up to date, contain security flaws or have licensing requirements. Our teams have had good experience with integrating Mend SCA in their paths to production. Right from IDE integration, raising an automatic PR based on an identified issue to integrating into the CI/CD pipeline, this tool offers a great developer experience. Other popular SCA tools, such as Snyk, are comparable and also worth exploring for your security needs.

hoaraujerome added the enhancement label May 4, 2023