Detect dependency vulnerabilities
PulseUno provides an option to regularly check for security vulnerabilities in chains and vault packages.
Dependency vulnerability data
When you run a chain or deliver a package to a vault, PulseUno automatically detects and reports dependency vulnerabilities that the chain or package have.
For enhanced security, you can turn on continuous vulnerability detection for chains and packages. This way, PulseUno identifies and reports any dependency vulnerabilities as soon as they are discovered in the future. By default, the ongoing vulnerability check is enabled for remote vaults.
To keep up to date with newly found security issues, PulseUno regularly gathers information about dependency vulnerabilities from the following sources:
- Vulnerability database of the National Institute of Standards and Technology (NIST)
- Sonatype OSS Index
- npm Security Advisories
Run continuous vulnerability checks
You can enable PulseUno to continuously check for vulnerabilities in a selected vault or chain.
To run ongoing vulnerability checks:
Chains |
|
Vault packages |
Enable the Dependency Vulnerability Check option in vault settings. For details, see Edit vault settings. |
See also: