We use AquaSec Trivy in some of our other projects for scanning our source code as well as built containers for possible security issues related to our third-party dependencies (e.g. packages installed with apt-get or yarn), and should consider the same for code-server.
This would complement the audit-ci tool that we have already integrated.