As an AppSec/Security team member, I want to identify transitive dependency risks, so that I can improve our security posture. #74

Description

@branic18

Enable scanning for transitive dependencies to uncover hidden vulnerabilities that could be risks.

Priority: Medium

User Personas

  • Developer
  • DevOps
  • AppSec/Security

Acceptance Criteria

  • Given a project with dependencies, when a scan is run, then transitive vulnerabilities are identified and prioritized.

Subtasks

  • Enhance scanner to detect transitive dependencies.
  • Implement risk prioritization for identified vulnerabilities.

Ordered Steps

  1. Run dependency analysis.
  2. Present results with prioritization.

Definition of Done

All transitive vulnerabilities are clearly identified and actionable through the SCA tool.

Referenced Insights
