← Back to Landscape

#13DELIVERYSCAN

Dependency Scan (SCA)

Known vulnerability detection in dependencies

Easy

Overview

Scan dependencies for known CVEs. Track vulnerable packages and get alerts on new vulnerabilities.

Why It Matters

Know your supply chain risk. Catch CVEs in dependencies before attackers do.

Implementation Pattern

1Scan lock files for CVEs
2Alert on critical findings
3Track remediation progress

Tool Examples

These are examples, not endorsements. Choose what fits your context.

pip-audit

npm audit

Trivy

Dependencies

Requires (must have first)

•#8 Build

Enables (unlocks)

•#62 Vulnerability Tracking

Same Phase

Other capabilities in this pipeline phase

Quick Actions

View in Flow View full landscape Assess your platform

#12 Code Scan (SAST)

#14 Secrets Detection