We are currently signed up for Deepsource with several repos for dependency checking.
Currently the Vanta integration does not report issues in dependencies. This is causing us some issues internally regarding tool choice going forward so I wonder if this feature is in any way planned (I did look at the roadmap and could not see it). If not can I please ask that it gets added or some info can be given about it’s priority as it may help others in the same boat.
Hey @mikeh – Currently our Vanta integration reports security issues in your code. Support for reporting vulnerabilities in dependencies is being worked on and is scheduled to be released early May 2025. I’ll share a note once it is released.