
Software Composition Analysis (SCA) via Devtron

Open ankit-ls opened this issue 2 years ago • 0 comments

Summary

We are considering using Devtron as an SCA tool, which can scan code/images and notify us of any vulnerabilities in our code. Devtron already provides a mechanism to scan Docker images, and to identify CVEs. We are looking at it to serve the following purposes:

  1. Inventory of all open source software used in a repo.
  2. License compliance.
  3. Security Vulnerabilities (CVEs).

Motivation

There are some orgs who have worked in this field. We can take inspiration from their solutions to build it inside Devtron, e.g. AboutCode, OWASP, FOSSology.

AB#450

ankit-ls, Nov 30 '21 12:11