Integrating your security scanner
Filter Infield for dependencies with an open CVE
Infield integrates with security scanners so you can prioritize dependency upgrades based on open vulnerabilities. Connect your security scanner and you'll see an "Open CVEs" filter on your dependencies list, which lets you filter your packages by the severity of their open CVEs. You can then use Infield to understand what breaking changes sit between the version you're running and the patched one.
Dependabot
If you install Infield using our GitHub app, Dependabot is supported out of the box. Dependabot alerts are synced into Infield, so when prioritizing upgrade work you can filter for the dependencies in your projects that have open CVEs.
Note that you need to have "Dependabot Security Alerts" enabled on your repository within GitHub. Learn how to set that up.
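To make the severity filter concrete, here is an added example (not Infield's code) that applies the same kind of triage to Dependabot alert data. It assumes alerts shaped like GitHub's Dependabot alerts REST API response; the function names, package names and advisory IDs are constructed for illustration.

```python
# Added example, not Infield's code. Alert fields follow GitHub's Dependabot
# alerts API; every package name and advisory ID below is constructed.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def _alert(state, eco, name, sev, cve, ghsa, patched):
    """Build one constructed alert in the API's nested shape."""
    return {
        "state": state,
        "dependency": {"package": {"ecosystem": eco, "name": name}},
        "security_advisory": {"cve_id": cve, "ghsa_id": ghsa, "severity": sev},
        "security_vulnerability": {
            "first_patched_version": {"identifier": patched} if patched else None},
    }

SAMPLE_ALERTS = [
    _alert("open", "npm", "example-http", "high", "CVE-0000-0001", "GHSA-xxxx-xxxx-0001", "2.4.1"),
    _alert("open", "npm", "example-http", "critical", None, "GHSA-xxxx-xxxx-0002", "2.5.0"),
    _alert("open", "pip", "example-yaml", "medium", "CVE-0000-0003", "GHSA-xxxx-xxxx-0003", None),
    _alert("fixed", "rubygems", "example-auth", "critical", "CVE-0000-0004", "GHSA-xxxx-xxxx-0004", "1.0.9"),
    _alert("dismissed", "npm", "example-log", "high", "CVE-0000-0005", "GHSA-xxxx-xxxx-0005", "3.1.0"),
]

def open_cve_filter(alerts, min_severity="low"):
    """Group open alerts by package, keeping those at or above min_severity."""
    threshold = SEVERITY_RANK[min_severity]
    packages = {}
    for alert in alerts:
        if alert.get("state") != "open":  # fixed or dismissed alerts are not open CVEs
            continue
        advisory = alert["security_advisory"]
        severity = advisory["severity"]
        if SEVERITY_RANK.get(severity, 0) < threshold:
            continue
        pkg = alert["dependency"]["package"]
        entry = packages.setdefault(
            (pkg["ecosystem"], pkg["name"]),
            {"max_severity": severity, "advisories": [], "patched_versions": []})
        if SEVERITY_RANK[severity] > SEVERITY_RANK[entry["max_severity"]]:
            entry["max_severity"] = severity
        # Some advisories have no CVE assigned; fall back to the GHSA ID.
        entry["advisories"].append(advisory.get("cve_id") or advisory["ghsa_id"])
        # first_patched_version is null when no fixed release exists yet.
        patched = alert["security_vulnerability"].get("first_patched_version")
        if patched:
            entry["patched_versions"].append(patched["identifier"])
    return packages
```

A package whose `patched_versions` list is empty has an open advisory but no fixed release to upgrade to yet.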
Other
If you use Snyk or another security scanner, contact us to set up a custom integration for your repository.
Updated 10 months ago