Scan open-source components for vulnerabilities and license ratings in Azure Pipelines
Scan open-source components for security vulnerabilities and assess their license ratings when your application builds in Azure Pipelines.
Learning objectives
In this module, you will:
- Learn which tools you can use to inspect open-source software packages for security and license ratings
- Access package and license ratings for open-source components by using WhiteSource Bolt
- Analyze the results of the scan so you can take the appropriate action
Prerequisites
- An Azure DevOps organization
- Visual Studio Code
- .NET Core 3.1
- Git
- A GitHub account