AppSec stof

28 Followers
52 Following
56 Posts

Early adopters needed for Vulnetix!

https://github.com/apps/vulnetix

Please install our GitHub App whether or not you intend to give feedback or contribute to features; just installing it with an empty repo or fork can help us reach others better.

Bonus: If you install now, you will forever gain access to Vulnetix for free - this is by design for all GitHub Apps that add a paid plan later.


I'm just going to call it: #SCA is dead. Any vendor selling SCA as a primary feature will not last long.

Most of the world is on GitHub and gets Dependabot for SCA.

Most, if not all, package managers have now standardised on SCA via an audit command.

If you are building an SCA today, use OSV (Google's project, which has long since been OSS), which is the vuln database collection for all known vuln databases. That gives you SCA discovery (without needing to build the app like Snyk) that only needs a lock file or SBOM.

If you relied on reporting from the SCA tool, then it's a vendor lock-in situation where it's best to just get out now and instead report against something like SBOM+VEX, so you never need to change reporting even when you change vendors.

Want SCA findings to leave you alone? Try Vulnetix

https://github.com/apps/vulnetix
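The "lock file + OSV" flow the post describes, as an added example written for this page (my code, not the original post's and not Vulnetix's): pinned versions are pulled out of a requirements.txt and a package-lock.json, turned into a request body for OSV's public querybatch endpoint (https://api.osv.dev/v1/querybatch, whose request and response shapes are assumed from the OSV API docs), and the results are keyed by PURL so the report outlives whichever tool produced it. The lock-file contents and the OSV response below are constructed; the advisory IDs in it are placeholders, not real advisories. The live call is included but not exercised, so the example runs offline.

```python
"""Lock-file-only SCA against OSV (added example; not Vulnetix's code)."""
import json
import re
from urllib.parse import quote
from urllib.request import Request, urlopen

OSV_QUERYBATCH = "https://api.osv.dev/v1/querybatch"  # assumed from OSV API docs

# Constructed lock-file contents (not taken from any real project).
REQUIREMENTS_TXT = """\
# pinned by pip-compile
requests==2.25.1
urllib3==1.26.4   # transitive pin
"""

PACKAGE_LOCK_JSON = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/lodash": {"version": "4.17.20"},
        "node_modules/@babel/core": {"version": "7.12.3", "dev": True},
    },
})


def parse_requirements(text):
    """Return (name, version) for each '==' pin; comments and blanks are skipped."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)", line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def parse_package_lock(text):
    """Return (name, version) for every installed package in a v2/v3 lock file."""
    lock = json.loads(text)
    pins = []
    for path, entry in lock.get("packages", {}).items():
        if not path:
            continue  # the empty key is the root project itself
        # nested installs look like node_modules/a/node_modules/b -> take the last segment
        name = path.rsplit("node_modules/", 1)[-1]
        pins.append((name, entry["version"]))
    return pins


def build_querybatch(pypi_pins, npm_pins):
    """OSV querybatch body: one {package, version} query per pinned component."""
    queries = []
    for name, version in pypi_pins:
        queries.append({"package": {"name": name, "ecosystem": "PyPI"}, "version": version})
    for name, version in npm_pins:
        queries.append({"package": {"name": name, "ecosystem": "npm"}, "version": version})
    return {"queries": queries}


def to_purl(ecosystem, name, version):
    """pkg:<type>/<namespace>/<name>@<version>; '@' in scoped npm names is %-encoded."""
    path = "/".join(quote(seg, safe="") for seg in name.split("/"))
    return f"pkg:{ecosystem.lower()}/{path}@{version}"


def findings_from_response(body, response):
    """Zip results back onto the queries (OSV returns them in request order)."""
    out = []
    for q, r in zip(body["queries"], response.get("results", [])):
        ids = sorted(v["id"] for v in r.get("vulns", []))
        if ids:
            purl = to_purl(q["package"]["ecosystem"], q["package"]["name"], q["version"])
            out.append({"purl": purl, "vulns": ids})
    return out


def query_osv(body):
    """Live lookup; needs network and is not used by the offline sample below."""
    req = Request(OSV_QUERYBATCH, data=json.dumps(body).encode(),
                  headers={"Content-Type": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed response in the shape OSV returns; IDs are placeholders, not real advisories.
SAMPLE_RESPONSE = {"results": [
    {"vulns": [{"id": "OSV-EXAMPLE-0001", "modified": "2024-01-01T00:00:00Z"}]},  # requests
    {"vulns": []},                                                                 # urllib3
    {"vulns": [{"id": "OSV-EXAMPLE-0003"}, {"id": "OSV-EXAMPLE-0002"}]},         # lodash
    {},                                                                            # @babel/core
]}


def run_offline():
    body = build_querybatch(parse_requirements(REQUIREMENTS_TXT),
                            parse_package_lock(PACKAGE_LOCK_JSON))
    return findings_from_response(body, SAMPLE_RESPONSE)


if __name__ == "__main__":
    print(json.dumps(run_offline(), indent=2))
```

Swapping `SAMPLE_RESPONSE` for `query_osv(body)` makes it a real scan; the output is already in PURL terms, so it can be attached to a CycloneDX or SPDX SBOM as-is, which is the vendor-independent reporting the post is arguing for.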
