I’m trying to feel more comfortable using random GitHub projects, basically.

  • adr1an
    3 months ago

    Perhaps snyk.io. I used it in the past, but I didn’t find it quite useful. Now I have a GitHub Action to upgrade dependencies every week. But you want some kind of scanner to be more involved in the actual codebase. Did you look into https://github.com/marketplace?query=security ? That’s what I would do. But I never heard of any of those listed there. Let us know your findings after some time if you test 'em ;) Good luck!