Additional Suggested Solution (was Auto Remediation) support for Dependency Scanning
Problem to solve
Auto Remediation recommends merge requests to automatically fix vulnerabilities.
It currently supports Dependency Scanning findings, but only for Yarn-based projects. We should add more package managers to the supported list.
- Sasha, Software Developer
- Sam, Security Analyst
A developer should select at least one currently supported package manager that would be easiest to add Auto Remediation for, and add support for that package manager.
Once done, everything should follow the same flow of the existing Auto Remediation feature.
What does success look like, and how can we measure that?
Number of Dependency Scanning vulnerabilities fixed by Auto Remediation increases.