Vulnerability Scanning

Purpose

Automatically scan code and infrastructure for known vulnerabilities and security weaknesses.

When to Use

  • Every build (CI/CD)
  • Before releases
  • Regular security audits
  • After dependency updates

Process

  1. Configure scanning tools
  2. Run SAST (static analysis)
  3. Run DAST (dynamic analysis)
  4. Review findings
  5. Prioritize and remediate

StudyAbroad-Specific Considerations

  • npm audit for dependencies
  • Snyk for continuous monitoring
  • OWASP ZAP for DAST
  • Trivy for container scanning

Examples

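# CI/CD Security Scan Stage
security-scan:
  script:
    # Audit production dependencies only; exits non-zero when vulnerabilities are found
    - npm audit --production
    # Fail on high or critical findings (needs SNYK_TOKEN set in the CI environment)
    - npx snyk test --severity-threshold=high
    # Scan the project filesystem; --exit-code 1 makes findings fail the stage
    - docker run --rm -v "$(pwd)":/app aquasec/trivy fs --exit-code 1 /app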
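
For steps 4 and 5 of the process (review, then prioritize and remediate), the following added example, which is not part of the original skill, ranks the findings in an `npm audit --json` report (report version 2, npm 7 and later). The function names, the sample report and its package names are constructed for illustration; the default threshold mirrors the `high` threshold used for Snyk above.

```javascript
// Severity order used by npm audit, lowest to highest.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// fixAvailable is false, true, or an object naming the package to upgrade.
function fixKind(fixAvailable) {
  if (!fixAvailable) return "none";
  if (typeof fixAvailable === "object" && fixAvailable.isSemVerMajor) return "breaking";
  return "compatible";
}

// Flatten the report and sort: highest severity first, direct dependencies before transitive.
function triage(report) {
  if (report.auditReportVersion !== 2) throw new Error("expected auditReportVersion 2");
  return Object.values(report.vulnerabilities || {})
    .map((v) => ({
      name: v.name,
      severity: v.severity,
      direct: Boolean(v.isDirect),
      // Objects in `via` are advisories; strings name another vulnerable package.
      advisories: v.via.filter((x) => typeof x === "object").map((x) => x.title),
      causedBy: v.via.filter((x) => typeof x === "string"),
      fix: fixKind(v.fixAvailable),
    }))
    .sort((a, b) =>
      SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] ||
      Number(b.direct) - Number(a.direct) ||
      a.name.localeCompare(b.name));
}

// Names of findings at or above the gating threshold.
function blocking(findings, threshold = "high") {
  return findings
    .filter((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold])
    .map((f) => f.name);
}

// Constructed sample report; package names and advisory titles are made up.
const majorFix = { name: "example-framework", version: "5.0.0", isSemVerMajor: true };
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-logger": { name: "example-logger", severity: "low", isDirect: false,
      via: [{ title: "Log injection" }], fixAvailable: false },
    "example-http": { name: "example-http", severity: "critical", isDirect: false,
      via: [{ title: "Request smuggling" }], fixAvailable: majorFix },
    "example-parser": { name: "example-parser", severity: "high", isDirect: true,
      via: [{ title: "Prototype pollution" }], fixAvailable: true },
    "example-framework": { name: "example-framework", severity: "critical", isDirect: true,
      via: ["example-http"], fixAvailable: majorFix },
  },
};

for (const f of triage(sampleReport)) console.log(f.severity, f.name, f.fix);
```

In CI, pipe real output into `triage` by parsing the result of `npm audit --json --production`.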