Dependency checking

Known vulnerabilities in third-party components and dependencies are very common; the risk is listed in the OWASP Top 10 as "Using Components with Known Vulnerabilities". The OWASP Web Malware Scanner (see https://www.owasp.org) is a malware scanner for web applications. It scans a web application using signatures from a community-built and managed database, testing each file of the application against the known malware signatures.

Vulnerable components should be identified early in the development stage. It is also good practice to scan dependencies for vulnerabilities on a regular basis in production, not only during development. ...
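The practice just described, checking a project's pinned dependencies against a list of known advisories and failing the pipeline when a finding reaches a severity threshold, as an added example. This is not code from the book or from GitLab's own dependency scanning; the advisory entries, package names, versions and the `requirements.txt`-style input are all constructed, and the version comparison is a simplified dotted-integer compare rather than full PEP 440 handling.

```python
"""Minimal dependency vulnerability check suitable for a CI job (added example).

All advisory data and input below is constructed for illustration; no real
advisory database is consulted.
"""
import re
import sys

# Constructed sample advisories (NOT a real database). A version is affected
# when introduced <= version < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib", "introduced": "1.0.0",
     "fixed": "1.4.2", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "examplelib", "introduced": "2.0.0",
     "fixed": "2.0.5", "severity": "medium"},
    {"id": "EXAMPLE-0003", "package": "otherpkg", "introduced": "0.0.0",
     "fixed": "3.1.0", "severity": "critical"},
]

# Constructed sample lockfile in requirements.txt pin format.
SAMPLE_REQUIREMENTS = """\
# constructed sample; pinned versions as a CI job would see them
examplelib==1.3.0
otherpkg==3.1.0
safelib==0.9.1
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Only exact pins (name==version) can be checked reliably.
PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)$")


def version_key(version: str) -> tuple:
    """Simplified comparison key: numeric components only, zero-padded so
    that '1.0' and '1.0.0' compare equal. Pre-release suffixes are ignored."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version: str, advisory: dict) -> bool:
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def parse_requirements(text: str):
    """Return (pinned: {name: version}, unpinned: [raw spec]) from requirements text."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = PIN_RE.match(line)
        if match:
            pinned[match.group(1).lower()] = match.group(2)
        else:
            unpinned.append(line)
    return pinned, unpinned


def check_dependencies(text: str, advisories=ADVISORIES) -> list:
    """Match every pinned dependency against the advisory list.
    Unpinned specs are reported too, since they cannot be verified."""
    pinned, unpinned = parse_requirements(text)
    findings = []
    for name, version in pinned.items():
        for adv in advisories:
            if adv["package"].lower() == name and is_affected(version, adv):
                findings.append({"package": name, "version": version,
                                 "advisory": adv["id"], "severity": adv["severity"],
                                 "fixed_in": adv["fixed"]})
    for spec in unpinned:
        findings.append({"package": spec, "version": None, "advisory": None,
                         "severity": "unknown", "fixed_in": None})
    return findings


def should_fail_build(findings: list, threshold: str = "high") -> bool:
    """True if any finding is at or above the threshold. Unknown severity
    (unpinned dependency) is treated as failing, because it cannot be checked."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(f["severity"], limit) >= limit for f in findings)


if __name__ == "__main__":
    results = check_dependencies(SAMPLE_REQUIREMENTS)
    for f in results:
        print(f"{f['package']} {f['version']}: {f['advisory']} "
              f"[{f['severity']}] fixed in {f['fixed_in']}")
    sys.exit(1 if should_fail_build(results, "high") else 0)
```

Run in a pipeline job, the non-zero exit code is what makes the stage fail; the threshold is deliberately a parameter so the same check can be strict on the main branch and advisory-only on feature branches. Note that `otherpkg==3.1.0` is not flagged because the affected range ends at the fixed version.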

Get Mastering GitLab 12 now with the O’Reilly learning platform.
