The description of Secure Build -> Software Dependencies -> Level 3 is a bit old-fashioned.
Old: You integrate SCA into a pipeline to get informed known vulnerabilities
New: You detect vulnerabilities in the production cluster. A sample open-source setup is Trivy Operator in Kubernetes, which pushes SBOMs to Dependency Track directly before they are put into production.
I am happy to adjust description and draft a PR after your approval.
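Added example of the flow proposed above (not code from the issue author, from Trivy Operator or from Dependency-Track): a script that takes the CycloneDX document embedded in a Trivy Operator `SbomReport` resource and uploads it through Dependency-Track's `PUT /api/v1/bom` endpoint, so the SBOM of what actually runs in the cluster is what gets tracked. It assumes that `report.components` of the SbomReport holds the CycloneDX BOM and `report.artifact` / `report.registry` identify the image; the Dependency-Track URL, API key and project naming are placeholders, and the sample report is constructed.

```python
"""Push Trivy Operator SbomReports into Dependency-Track (added example).

Assumptions: `report.components` of the SbomReport is the CycloneDX BOM and
`report.artifact` / `report.registry` identify the image; DTRACK_URL and
DTRACK_API_KEY are placeholders for a real Dependency-Track instance.
"""
from __future__ import annotations

import base64
import json
import os
import sys
import urllib.request

# Constructed sample, trimmed to the fields this script uses. A real report
# comes from `kubectl get sbomreport <name> -n <namespace> -o json`.
SAMPLE_SBOMREPORT = {
    "apiVersion": "aquasecurity.github.io/v1alpha1",
    "kind": "SbomReport",
    "metadata": {"name": "deployment-web-web", "namespace": "prod"},
    "report": {
        "artifact": {"repository": "library/nginx", "tag": "1.25.3", "digest": "sha256:aaaa"},
        "registry": {"server": "index.docker.io"},
        "components": {
            "bomFormat": "CycloneDX",
            "specVersion": "1.5",
            "version": 1,
            "components": [
                {"type": "library", "name": "openssl", "version": "3.0.11-1~deb12u2",
                 "purl": "pkg:deb/debian/openssl@3.0.11-1~deb12u2"}
            ],
        },
    },
}


def extract_bom(sbomreport: dict) -> tuple[str, str, dict]:
    """Return (project_name, project_version, cyclonedx_bom) from an SbomReport."""
    report = sbomreport["report"]
    bom = report["components"]
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("SbomReport does not carry a CycloneDX document")
    artifact = report["artifact"]
    # One Dependency-Track project per image repository, versioned by tag, so a
    # redeploy with a new tag becomes a new version of the same project.
    name = f"{report['registry']['server']}/{artifact['repository']}"
    version = artifact.get("tag") or artifact["digest"]
    return name, version, bom


def build_upload_payload(sbomreport: dict) -> dict:
    """Build the JSON body for Dependency-Track's PUT /api/v1/bom.

    The BOM travels base64-encoded; autoCreate lets a first-seen image create
    its project instead of failing the upload.
    """
    name, version, bom = extract_bom(sbomreport)
    encoded = base64.b64encode(json.dumps(bom).encode()).decode()
    return {"projectName": name, "projectVersion": version, "autoCreate": True, "bom": encoded}


def upload(payload: dict, base_url: str, api_key: str) -> str:
    """PUT the payload to Dependency-Track and return the processing token it assigns."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v1/bom",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Api-Key": api_key},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["token"]


if __name__ == "__main__":
    # Usage: kubectl get sbomreport -n prod <name> -o json | python push_sbom.py
    report = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_SBOMREPORT
    body = build_upload_payload(report)
    if "DTRACK_URL" in os.environ:
        print(upload(body, os.environ["DTRACK_URL"], os.environ["DTRACK_API_KEY"]))
    else:
        print(json.dumps({k: v for k, v in body.items() if k != "bom"}))
```

Run it in a loop over `kubectl get sbomreport -A -o json` (or from a controller watching the CRD) and Dependency-Track ends up holding one project version per deployed image tag; findings then come from the real production inventory rather than from whatever the pipeline last scanned.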