#13DELIVERYSCAN

Dependency Scan (SCA)

Known vulnerability detection in dependencies

Easy

Overview

Scan dependencies for known CVEs. Track vulnerable packages and get alerts on new vulnerabilities.

Why It Matters

Know your supply chain risk. Catch CVEs in dependencies before attackers do.

The Risk

Vulnerable dependencies are a common attack vector. Attackers actively scan for known CVEs in popular packages. Without scanning, you won't know you're vulnerable until you're exploited.

Implementation Components

A complete implementation of this capability includes:

Automated scanning of lock files
CVE database lookups
Severity-based prioritization
Alerts on critical/high findings
Automated PR creation for security updates
Tracking of remediation status

Implementation Pattern

1Scan lock files for CVEs
2Alert on critical findings
3Track remediation progress

Tool Examples

These are examples, not endorsements. Choose what fits your context.

Dependencies

Requires (must have first)

•#8 Build

Enables (unlocks)

•#62 Vulnerability Tracking

Same Phase

Other capabilities in this pipeline phase

Quick Actions

View in Flow View full landscape Assess your platform

←

#12 Code Scan (SAST)

#14 Secrets Detection

→