DevOps / Build, Test, Deploy / Dependency Monitoring
Avatar of bryan9839
SRE Manager at Subsplash·

I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

3 upvotes·132.2K views