
How are dependencies checked for vulnerabilities?

Written by amaise Support

amaise automatically checks all third-party dependencies with every build:

| Tool | Language | Behavior |
|---|---|---|
| OWASP Dependency Check | Java | Build fails on CVSS ≥ 7 |
| Snyk | Python | Continuous monitoring with alerting |
| npm audit | TypeScript | With every build |
| pip-audit | Python | With every build |

Additionally, license checks are performed: copyleft licenses (AGPL, GPLv3, SSPL) are blocked in all languages to avoid supply-chain risks.

All dependencies are version-locked (no floating versions). The runtimes and frameworks in use are kept on the current LTS major versions. Dependencies are sourced exclusively from official registries (Maven Central, PyPI, npm).
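The three gates described above (no floating versions, copyleft blocklist, CVSS 7 build failure) as an added Python illustration; this is not amaise's own tooling, and the package names, licenses, version specs and advisory ids in the sample data are constructed for the example:

```python
import re
from typing import Dict, List
# Policy values from the page: copyleft licenses blocked in every language,
# and a CVSS 7 threshold at which the build fails.
BLOCKED_LICENSES = {"AGPL-3.0", "GPL-3.0", "SSPL-1.0"}
CVSS_FAIL_THRESHOLD = 7.0
# An exact pin is a bare dotted version, optionally prefixed with "==" (pip).
_EXACT_PIN = re.compile(r"^(==)?\d+(\.\d+)+$")

def parse_requirements(text: str) -> Dict[str, str]:
    """Map package name -> version spec from requirements.txt-style lines."""
    deps: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line and (m := re.match(r"([A-Za-z0-9_.\-]+)\s*(.*)$", line)):
            deps[m.group(1).lower()] = m.group(2).strip()
    return deps

def floating_versions(deps: Dict[str, str]) -> List[str]:
    """Names whose spec is a range, caret/tilde, wildcard or empty: not pinned."""
    return sorted(n for n, spec in deps.items() if not _EXACT_PIN.match(spec))

def blocked_licenses(licenses: Dict[str, str]) -> List[str]:
    """Names whose declared SPDX license is on the copyleft blocklist."""
    return sorted(n for n, lic in licenses.items() if lic in BLOCKED_LICENSES)

def cvss_failures(findings: List[dict]) -> List[str]:
    """Findings at or above the threshold, as 'package@version: id (CVSS x)'."""
    return [f"{f['package']}@{f['version']}: {f['id']} (CVSS {f['cvss']})"
            for f in findings if f["cvss"] >= CVSS_FAIL_THRESHOLD]

def build_passes(deps: Dict[str, str], licenses: Dict[str, str],
                 findings: List[dict]) -> bool:
    """True only when every gate is clean; any single hit fails the build."""
    return not (floating_versions(deps) or blocked_licenses(licenses)
                or cvss_failures(findings))

# Constructed sample input: placeholder packages, licenses and advisory ids.
SAMPLE_REQUIREMENTS = """
libalpha==2.31.0
libbeta>=6.0        # floating: a range, not an exact pin
libgamma            # floating: no version at all
"""
SAMPLE_LICENSES = {"libalpha": "Apache-2.0", "libbeta": "MIT", "libgamma": "AGPL-3.0"}
SAMPLE_FINDINGS = [
    {"package": "libbeta", "version": "6.0", "id": "EXAMPLE-0001", "cvss": 7.5},
    {"package": "libalpha", "version": "2.31.0", "id": "EXAMPLE-0002", "cvss": 5.3},
]
```

Running the sample through `build_passes` fails the build for all three reasons at once, which is the behaviour a per-build gate should have: the checks are independent and none of them is allowed to mask another.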