The vendor should run a dependency check 1x each sprint.
This ongoing story serves as a reminder that the developer should check the dependencies under the "Security" tab in GitHub each sprint to make sure there are no critical/high vulnerabilities.
Note that:
- [ ] High/critical vulnerabilities should be addressed right away.
- [ ] Vulnerabilities that are applicable to this project should be addressed right away.
- [ ] All other non-high/critical vulnerabilities or vulnerabilities that are not applicable to the project should be addressed at least every 6 months.