Skip to content

feat(security): integrate SCA dependency vulnerability scanning with CI gate thresholds#1184

Merged
Devsol-01 merged 1 commit into
Devsol-01:mainfrom
TheFaith-Code:nestera-branch
Jul 6, 2026
Merged

feat(security): integrate SCA dependency vulnerability scanning with CI gate thresholds#1184
Devsol-01 merged 1 commit into
Devsol-01:mainfrom
TheFaith-Code:nestera-branch

Conversation

@TheFaith-Code

Copy link
Copy Markdown
Contributor

Integrates dependency vulnerability scanning into CI with enforcement thresholds:

  • SCA tool: Custom pnpm audit wrapper with severity thresholding, advisory suppression, and report generation
  • CI gate: dependency-scan job runs on every PR/push; build job depends on it, failing the pipeline on high/critical vulnerabilities
  • Report output: Clear plain-text report uploaded as a CI artifact
  • Suppression: Only allowed with documented justification (advisoryId + justification required in .dependency-suppressions.json)

Closes #1166

…CI gate thresholds

- Add custom pnpm audit wrapper with severity thresholding
- Add CI dependency-scan job that fails on high/critical vulnerabilities
- Add suppression mechanism requiring documented justification
- Add clear report output uploaded as CI artifact
- Add unit tests for SCA library

Closes Devsol-01#1166
@vercel

vercel Bot commented Jul 3, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
nestera Ready Ready Preview, Comment Jul 3, 2026 10:26am

@drips-wave

drips-wave Bot commented Jul 3, 2026

Copy link
Copy Markdown

@TheFaith-Code Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Devsol-01 Devsol-01 merged commit e329e39 into Devsol-01:main Jul 6, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Backend] - Add Security Scanning Gate for Backend Dependencies (SCA)

2 participants