Ensuring component security in pipelines

Problem

Currently, there is no automated process to ensure pipeline components are free from vulnerabilities before being used in a pipeline.

This lack of security validation poses a significant risk, as components with undiscovered vulnerabilities can compromise the entire pipeline and the production environment.

Proposed solution

To address these issues, we need a solution that integrates vulnerability scanning into the component publishing workflow, ensures the immutability of secure versions, and provides continuous security checks and alerts for maintainers and users.

  • Provide a vulnerability report for each component (Free)
  • Ability to block usage (or publication) of components that did not pass the security scan (Paid)
Edited by Dov Hershkovitch