Security Scan Tools

Problem statement

Is there any security scan report available (such as a Fortify scan, Sonar scan, Black Duck scan, etc.) for the Deploy CLI and Management Client npm packages? Our security team is looking for a security assessment.

Solution

We don't have publicly shareable reports; however, as of today we use the following tools for security analysis:

Dynamic Application Security Testing (DAST) tools:
Detectify: web application scanning
StackHawk: API scanning

Static Application Security Testing (SAST) tools:
Semgrep: code scanning
Snyk: SCA (Software Composition Analysis) scanning of dependencies and containers

Infrastructure security tools:
InsightVM: infrastructure vulnerability scanning