Dependency Security
Check if there are vulnerabilities in dependencies.
Find existing tool(s). If possible, it should be something that runs in the pipeline: a command-line tool.
Create a script bin/security_check_dependencies.bash that integrates the tool(s) and checks the following areas:
- package.json
- Dockerfile
- apt
Documentation
- docs/developer/dependency-management.md
- cheatsheet
Current last commit hash with check_outdated.sh & npm update script is 74cc4e08
Edited by Rarity
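A sketch of how bin/security_check_dependencies.bash could wrap one scanner per area and fail the pipeline when a scanner reports findings or is missing. This is an added example, not the project's script. The scanner choices are assumptions: `npm audit` and `hadolint` are defaults picked for illustration, no apt scanner is assumed, and the `NPM_CHECK_CMD`, `DOCKER_CHECK_CMD` and `APT_CHECK_CMD` variables are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Scanner choices are assumptions:
# "npm audit" and "hadolint" are defaults picked for illustration; no apt
# scanner is assumed, so APT_CHECK_CMD must be set by the pipeline.

# run_check NAME INPUT_FILE COMMAND [ARGS...]
# Returns 0 = clean or nothing to scan, 1 = scanner exited non-zero,
#         2 = scanner missing or not configured (fail closed).
run_check() {
  check_name=$1
  check_input=$2
  shift 2
  if [ -n "$check_input" ] && [ ! -e "$check_input" ]; then
    echo "SKIP  $check_name: $check_input not found"
    return 0
  fi
  if [ $# -eq 0 ] || ! command -v "$1" >/dev/null 2>&1; then
    echo "ERROR $check_name: scanner '${1:-<unset>}' is not available" >&2
    return 2
  fi
  if "$@"; then
    echo "OK    $check_name"
    return 0
  fi
  echo "FAIL  $check_name: '$*' exited non-zero" >&2
  return 1
}

# Runs every area even after a failure and returns the worst status seen.
# The *_CMD variables hold whole command lines, so they are expanded unquoted.
security_check_dependencies() {
  worst=0
  rc=0
  run_check package.json package.json ${NPM_CHECK_CMD:-npm audit --audit-level=high} || rc=$?
  if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
  rc=0
  run_check Dockerfile Dockerfile ${DOCKER_CHECK_CMD:-hadolint Dockerfile} || rc=$?
  if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
  rc=0
  run_check apt "" ${APT_CHECK_CMD:-} || rc=$?
  if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
  return "$worst"
}

# Pipeline entry point: bin/security_check_dependencies.bash check
if [ "${1:-}" = "check" ]; then
  security_check_dependencies
  exit $?
fi
```

Exit status 2 is kept separate from 1 so a pipeline can tell "scanner not installed or not configured" apart from "scanner reported a problem"; both fail the job.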