Skip to content

feat(security): integrate SCA dependency vulnerability scanning with CI gate thresholds#1184

Open
TheFaith-Code wants to merge 1 commit into
Devsol-01:mainfrom
TheFaith-Code:nestera-branch
Open

feat(security): integrate SCA dependency vulnerability scanning with CI gate thresholds#1184
TheFaith-Code wants to merge 1 commit into
Devsol-01:mainfrom
TheFaith-Code:nestera-branch

Conversation

@TheFaith-Code

Copy link
Copy Markdown

Integrates dependency vulnerability scanning into CI with enforcement thresholds:

  • SCA tool: Custom pnpm audit wrapper with severity thresholding, advisory suppression, and report generation
  • CI gate: dependency-scan job runs on every PR/push; build job depends on it, failing the pipeline on high/critical vulnerabilities
  • Report output: Clear plain-text report uploaded as a CI artifact
  • Suppression: Only allowed with documented justification (advisoryId + justification required in .dependency-suppressions.json)

Closes #1166

…CI gate thresholds

- Add custom pnpm audit wrapper with severity thresholding
- Add CI dependency-scan job that fails on high/critical vulnerabilities
- Add suppression mechanism requiring documented justification
- Add clear report output uploaded as CI artifact
- Add unit tests for SCA library

Closes Devsol-01#1166
@vercel

vercel Bot commented Jul 3, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
nestera Ready Ready Preview, Comment Jul 3, 2026 10:26am

@drips-wave

drips-wave Bot commented Jul 3, 2026

Copy link
Copy Markdown

@TheFaith-Code Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Backend] - Add Security Scanning Gate for Backend Dependencies (SCA)

1 participant