Move Container Scanning in Software Composition Analysis group

Fabio Busatto requested to merge move-container-scanning-in-sca-group into master

Software Composition Analysis is about dealing with external dependencies that are used by the app.

Container Scanning is about dealing with vulnerabilities in Docker images that are used as the base system to build the app environment. So, it is a sort of "system dependency", but not so far away from library dependency.

We can consider keeping it as a separate category, but grouping it under the Software Composition Analysis group.

This will bring the structure of the Secure stage to three groups that can map 1:1 to the three teams approved in the FY2020 plan.

  1. SAST
    1. SAST
    2. Secret Detection
  2. DAST
    1. DAST
    2. IAST
    3. Fuzzing
  3. Software Composition Analysis
    1. Dependency Scanning
    2. Container Scanning
    3. License Management