Check if package vulnerability scanning is enabled for dependencies in the repository
repository_dependency_scanning_enabled
Implement scanning tools to detect, prevent, and monitor known open-source vulnerabilities in packages used within the organization's projects. This check verifies that dependency/package vulnerability scanning (e.g., Dependabot alerts) is enabled for the repository.
Risk
If package vulnerability scanning is not enabled, known vulnerabilities in dependencies may go undetected, increasing the risk of exploitation and security breaches.
Run this check with Prowler CLI
prowler github --checks repository_dependency_scanning_enabled
Remediation
Enable Dependabot alerts or another package vulnerability scanner in the repository settings to automatically detect and alert on vulnerable dependencies.
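The same control can be verified outside the Prowler CLI. The following is an added example, not Prowler's own check implementation: it calls GitHub's documented `GET /repos/{owner}/{repo}/vulnerability-alerts` endpoint (204 means Dependabot alerts are enabled, 404 means disabled, and the token needs admin access to the repository) and maps the result to a PASS/FAIL/ERROR finding. The `stub_fetch` transport and the repository names under it are constructed so the example runs offline.

```python
"""Added example (not Prowler's code): check Dependabot alerts via the GitHub REST API."""
import json
import urllib.error
import urllib.request
from typing import Callable, Dict

API = "https://api.github.com"


def github_fetch(url: str, token: str) -> int:
    """Real transport: GET the URL with a token and return the HTTP status code."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 404 is the documented "alerts disabled" answer, not a transport failure


def check_dependency_scanning(owner: str, repo: str, token: str,
                              fetch: Callable[[str, str], int] = github_fetch) -> Dict[str, str]:
    """Map the vulnerability-alerts endpoint's status code to a finding.

    GitHub documents 204 as "Dependabot alerts enabled" and 404 as "not enabled"
    (404 is also what a token without admin access sees, so a FAIL should be
    re-checked with an admin token before remediation). Anything else is an ERROR.
    """
    url = f"{API}/repos/{owner}/{repo}/vulnerability-alerts"
    code = fetch(url, token)
    finding = {"check_id": "repository_dependency_scanning_enabled", "resource": f"{owner}/{repo}"}
    if code == 204:
        finding.update(status="PASS", message="Dependabot alerts are enabled.")
    elif code == 404:
        finding.update(status="FAIL", message="Dependabot alerts are disabled (or the token lacks admin access).")
    else:
        finding.update(status="ERROR", message=f"Unexpected HTTP {code} from the GitHub API.")
    return finding


# Constructed offline stand-in for the GitHub API: repository -> status code it would return.
_STUB_RESPONSES = {"org/secure-repo": 204, "org/legacy-repo": 404, "org/private-repo": 403}


def stub_fetch(url: str, token: str) -> int:
    """Offline transport that answers from the constructed table above."""
    name = url.rsplit("/repos/", 1)[1].rsplit("/vulnerability-alerts", 1)[0]
    return _STUB_RESPONSES[name]


if __name__ == "__main__":
    for full_name in _STUB_RESPONSES:
        owner, repo = full_name.split("/")
        print(json.dumps(check_dependency_scanning(owner, repo, "dummy-token", stub_fetch)))
```

Replace `stub_fetch` with the default `github_fetch` and a real token to run the check against a live repository.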
Resource Type
GitHubRepository