Scan Your Code Dependencies for Vulnerabilities (SCA)

Description

Vulnerable code dependencies can cause a range of problems for your project. Jit integrates dependency checkers (SCA tools) to CI/CD to automatically scan the full code base and every new Pull Request.

Language	Package manager	Tool	Detection	Fix guidelines	Remediation
JavaScript	npm	npm-audit	Yes	Yes	-
Python	pip	OSV-scanner	Yes	Yes	Yes
PHP	Composer	OSV-scanner	Yes	Yes	-
Go	dep, go mod	Nancy	Yes	-	-

📘
Monorepo support
Additional configuration steps are required to enable dependency scanning via npm-audit within monorepos. For complete instructions, see Monorepo Support.

Fix Guidelines

When Jit detects a vulnerable package, it searches for a newer version free from that vulnerability. If found, Jit will recommend the specific version you should update to. These recommendations are provided in the form of guidelines within a Pull Request.

Remediation

For some languages and package managers, Jit can auto-generate fix code that resolves the finding. Remediation is made available in two modes:

Remediation in a Pull Request - In those cases, the suggested code is displayed in the PR itself, and the developer can accept it by clicking Commit suggestion.

Inline Remediation in a Pull-Request — Inline Remediation in a Pull Request

Remediation from the Actions page - In those cases, the user views the finding in the Jit Platform and clicks the Create a Fix PR button to generate a new Pull Request which introduces the fix code. In GitHub, the developer will review the newly created Pull Request and merge it to apply the fix.

In the Actions page, the user clicks on Create a Fix PR that creates a new Pull Request with the fix code.

Available Remediation in the Actions Page

Then in GitHub, the Pull Request is created.

The developer can review the fix itself and merge it to apply the fix.