Component Vulnerability Check for Bamboo

Component Vulnerability Check integrates various databases, such as NSP and CVE, to provide insight into third-party dependencies and to help development teams improve the security of their products with each build.

The system works as a simple task that has to be inserted into the build job definition, right after the build dependencies are downloaded. For example, in the case of a NodeJS build, add it after npm install has completed its downloads.

Settings page

The task settings let you decide which scanners to enable for which technology stacks.


Found dependencies

The scanner will find some third-party dependencies that are fine, or you may choose not to bother with small issues.



Some failures

If there are issues, the scanner raises them as failed test cases. If you would like to ignore some of them, use the quarantine feature.



