Vanta Dependency Analysis Integration

We are currently signed up for DeepSource with several repos for dependency checking.
Currently the Vanta integration does not report issues in dependencies. This is causing us some issues internally regarding tool choice going forward, so I wonder if this feature is in any way planned (I did look at the roadmap and could not see it). If not, can I please ask that it gets added or some info can be given about its priority, as it may help others in the same boat.

Hey @mikeh – Currently our Vanta integration reports security issues in your code. Support for reporting vulnerabilities in dependencies is being worked on and is scheduled to be released early May 2025. I’ll share a note once it is released.

Hi @jai - Any update on the timeline for the release? Thank you!

@mikeh @OliverCEnos Update: If you have the Vanta integration set up, dependency vulnerabilities (when SCA analysis is enabled) are now automatically reported to Vanta. No action is required from you. In the coming weeks, we plan to add an option in the dashboard that lets you independently toggle the reporting of Code Security and SCA reports to Vanta.

Thank you @jai, I appreciate the update!