https://romanoroth.com/en/tags/code-scanning/Recent content in Code Scanning on Romano RothHugo -- gohugo.ioenRomano RothMon, 22 May 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-vulnerability-management/Mon, 22 May 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-vulnerability-management/<p>We have spent the previous eight sessions adding scanners to our GitHub DevSecOps pipeline — SCA, SAST, container scanning, secret detection, DAST. The scanners now produce a steady stream of findings, and the question is: where do we manage them? In Part 9, Patrick Steger and I look at GitHub&rsquo;s built-in Vulnerability Management — the Security Tab — and call out what it does well and what is still missing.</p>