Control: 3.2.2 Ensure packages are automatically scanned for known vulnerabilities
Automatically scan every package for vulnerabilities.
Automatic scanning for vulnerabilities detects known vulnerabilities in the packages and dependencies in use, allowing faster patching when one is found. Such vulnerabilities can lead to a massive breach if not handled as fast as possible, since attackers also learn of them and will swiftly try to take advantage of them. Scanning packages regularly for vulnerabilities can also verify that their use complies with the organization's security policy.
Ensure automatic scanning of packages for vulnerabilities is enabled.
Enable automatic scanning of packages for vulnerabilities.
Run the control in your terminal:
steampipe check github_compliance.control.cis_supply_chain_v100_3_2_2
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share github_compliance.control.cis_supply_chain_v100_3_2_2
This control uses a named query: default_branch_pipelines_scan_for_vulnerabilities
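The named query above decides, per repository, whether the pipelines on the default branch run a vulnerability scanner. As an added example, not the Steampipe mod's own SQL, the following stand-alone Python check expresses the same decision over GitHub Actions workflow text: it looks for scanner actions in `uses:` steps and scanner commands in `run:` steps (including YAML block scalars) and reports `ok` or `alarm` in the style of a control result. The list of scanner names and the sample workflows are constructed assumptions for illustration; only the standard library is used.

```python
"""Added example: a stand-alone check in the spirit of the control above.
This is not the Steampipe mod's query; it works on workflow YAML text with
only the standard library and constructed sample input."""
import re

# Illustrative list of marketplace actions and CLI tools used for dependency or
# container scanning. Assumption: this is not the mod's definition of a scanner.
SCANNER_ACTIONS = (
    "aquasecurity/trivy-action",
    "anchore/scan-action",
    "snyk/actions",
    "github/codeql-action",
    "actions/dependency-review-action",
)
SCANNER_COMMANDS = ("trivy", "grype", "snyk", "osv-scanner", "npm audit", "pip-audit")

# `- uses: owner/action@ref` -> capture "owner/action" (the part before '@').
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"@]+)", re.MULTILINE)
# `- run: <value>` -> capture the value; "|" or ">" marks a multi-line block scalar.
RUN_RE = re.compile(r"^(\s*-?\s*)run:\s*(.*)$")


def _run_commands(workflow_yaml: str):
    """Yield the shell text of every `run:` step, joining block scalars (| or >)."""
    lines = workflow_yaml.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        value = m.group(2).strip()
        if value in ("|", ">", "|-", ">-"):
            indent = len(lines[i]) - len(lines[i].lstrip())
            i += 1
            block = []
            # Block scalar lines are indented deeper than the `run:` key itself.
            while i < len(lines) and (
                not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > indent
            ):
                block.append(lines[i].strip())
                i += 1
            yield " ".join(block)
        else:
            yield value
            i += 1


def workflow_scans_for_vulnerabilities(workflow_yaml: str) -> bool:
    """True if any step uses a known scanner action or runs a known scanner command."""
    for action in USES_RE.findall(workflow_yaml):
        if any(action.startswith(known) for known in SCANNER_ACTIONS):
            return True
    for command in _run_commands(workflow_yaml):
        if any(tool in command for tool in SCANNER_COMMANDS):
            return True
    return False


def evaluate_repository(workflows: dict) -> dict:
    """Map {workflow path: YAML text} to a control-style result (ok / alarm)."""
    hits = sorted(p for p, text in workflows.items() if workflow_scans_for_vulnerabilities(text))
    if hits:
        return {"status": "ok", "reason": "scanner step in " + ", ".join(hits)}
    return {"status": "alarm", "reason": "no vulnerability scanning step in default-branch workflows"}


# Constructed sample workflows; the repository names are placeholders, not real repos.
CI_ONLY = """name: CI
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test
"""
TRIVY_ACTION = """name: Scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Scan filesystem
        uses: aquasecurity/trivy-action@0.20.0
        with:
          scan-type: fs
"""
PIP_AUDIT_BLOCK = """name: Python
on: [push]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          pip install -r requirements.txt
          pip-audit -r requirements.txt
"""
SAMPLE_REPOS = {
    "example/has-scanner-action": {".github/workflows/ci.yml": CI_ONLY,
                                   ".github/workflows/scan.yml": TRIVY_ACTION},
    "example/has-scanner-command": {".github/workflows/python.yml": PIP_AUDIT_BLOCK},
    "example/no-scanner": {".github/workflows/ci.yml": CI_ONLY},
}


def run_control(repos=SAMPLE_REPOS) -> dict:
    """Evaluate every repository and return {repo: result}."""
    return {name: evaluate_repository(workflows) for name, workflows in repos.items()}


if __name__ == "__main__":
    for repo, result in run_control().items():
        print(f"{result['status']:5} {repo}: {result['reason']}")
```

The substring match on `run:` commands is deliberately loose; a production check would want the same allow-list the mod's query encodes, and should read workflows from the default branch only, since a scanner present on a feature branch does not satisfy the control.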