GitHub Code Scanning
GitHub supports uploading SARIF
Code Analysis
EXPERIMENTAL: This feature is experimental and may introduce breaking changes.
Dependency Inventory
Package managers such as Maven and Gradle have the most accurate view of library dependencies. They can be used to resolve the dependencies, generate an SBOM and scan it using vet for better accuracy. In this guide, we will use the CycloneDX Gradle plugin to generate a software bill of materials (SBOM) and scan it using vet.
Programmatic Access to Insights API
To follow this guide you need a SafeDep Cloud API Key and Tenant Identifier.
Audit Terraform Provider Inventory for Supply Chain Risks
To follow this guide you need a SafeDep Cloud API Key and Tenant Identifier.