Vulnerability Scanning

What it is

Vulnerability scanning automatically identifies known security weaknesses in code, dependencies, and configurations. It's an essential component of DevSecOps.

Scan types

Type	What it analyzes	When
SAST	Source code	Pre-commit, CI
SCA	Dependencies	CI, scheduled
Container	Docker images	CI, registry
IaC	Terraform, CloudFormation	CI
DAST	Running application	Staging, prod

Tools

Category	What it scans	Tools	Phase
SAST	Source code	Semgrep, SonarQube, CodeQL	PR / build
SCA	Dependencies	Snyk, Dependabot, Trivy	PR + daily
Container	Container images	Trivy, Grype, ECR scanning	Image build
IaC	Infrastructure as code	Checkov, tfsec, KICS	PR / plan

CI/CD integration

- scan-dependencies: snyk test
- scan-code: semgrep --config auto
- scan-container: trivy image myapp:latest
- gate: fail if critical vulnerabilities

Why it matters

Automated vulnerability scanning is the first line of defense against compromised dependencies and insecure container images. Integrated into the CI/CD pipeline, it detects issues before they reach production.

References

Trivy — Multi-purpose scanner.
Snyk — Security platform.
Trivy — GitHub — Aqua Security, 2024. Scanner source code and documentation.

What it is

Vulnerability scanning automatically identifies known security weaknesses in code, dependencies, and configurations. It's an essential component of DevSecOps.

Scan types

Type	What it analyzes	When
SAST	Source code	Pre-commit, CI
SCA	Dependencies	CI, scheduled
Container	Docker images	CI, registry
IaC	Terraform, CloudFormation	CI
DAST	Running application	Staging, prod

Tools

Category	What it scans	Tools	Phase
SAST	Source code	Semgrep, SonarQube, CodeQL	PR / build
SCA	Dependencies	Snyk, Dependabot, Trivy	PR + daily
Container	Container images	Trivy, Grype, ECR scanning	Image build
IaC	Infrastructure as code	Checkov, tfsec, KICS	PR / plan

CI/CD integration

- scan-dependencies: snyk test
- scan-code: semgrep --config auto
- scan-container: trivy image myapp:latest
- gate: fail if critical vulnerabilities

Why it matters

References

Trivy — Multi-purpose scanner.
Snyk — Security platform.
Trivy — GitHub — Aqua Security, 2024. Scanner source code and documentation.

Vulnerability Scanning

What it is

Scan types

Tools

CI/CD integration

Why it matters

References

Related content

Vulnerability Scanning

What it is

Scan types

Tools

CI/CD integration

Why it matters

References

Related content