The dependency vulnerability gap that CI/CD can’t fix
Every project I’ve worked on has the same setup: osv-scanner or Dependabot wired into CI, which fails the build if a known CVE is found. It feels complete. It isn't.
Here’s the gap: CI runs at push ti
minikin.hashnode.dev · 3 min read