Common Vulnerabilities and Exposures (CVE) Detection

Introduction

You might not be aware of it, but you could be at risk of a security incident because a third-party library or component in your codebase has a vulnerability. This article will help you detect security vulnerabilities in third-party libraries using a free-to-use tool called Trivy. I've created a repo that demonstrates scanning a few types of apps: https://github.com/jtbuk/CVEDetection. It has a .NET app and an Angular SPA, both of which run in Docker. Trivy will scan the Docker images, npm packages, and NuGet packages, and we use the output to send a formatted Slack message containing the results....

January 14, 2023 · 6 min