Vulnerability Scanning Automate security vulnerability detection across code, dependencies, and containers. Dependency Scanning Container Scanning (Trivy) GitHub Actions Integration Code Analysis (Bandit for Python) Node.js Scanner Best Practices - Integrate scanning in CI/CD pipeline - Fail builds on high/critical findings - Scan dependencies and containers - Track vulnerabilities over time - Document accepted false positives Tools - Trivy (containers, filesystem) - Snyk (dependencies, code) - npm audit / yarn audit - Bandit (Python) - OWASP Dependency-Check ---