Discovery: Are there any open source dependency scanners out there that have different or more capabilities than we have?
Problem to solve
We have a limited set of Supported languages and package managers today.
In order to expand and improve our coverage, I would like us to look at other dependency scanning tools to see if there are any open source dependency scanners out there that have different or more capabilities than we currently have. Should we add them, or even replace any of our existing ones?
Let's have a list and some evaluation notes so we can decide which to spend more time digging into in future items.
Intended users
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
Further details
Proposal
Sub-issues
- do a competitor analysis to gather a list of other tools
- curate that list to remove tools that can't be integrated for legal/licensing reasons
- Will it work offline?
- investigate the value-added
- investigate the integration effort (technical)
Links / references
Edited by Nicole Schwartz