Esra

Hi everyone, I’m not sure this question is directly relevant to the defectdojo but maybe you have an answer. Suppose a SaaS company builds its core product as an internal library, but each customer uses a different version of this library inside their own customer-specific repositories. How should I approach vulnerability management across all these separate customer repos with varying versions? Additionally, is it possible to build an effective vulnerability management pipeline for this kind of setup using DefectDojo?

Hi all, I've recently started working at a scale-up SaaS company. I'm the only security engineer. I want to design a vulnerability management program and set up a self-hosted DefectDojo. The company has 600 repositories. Since vulnerability management hasn't been done before, I don't have any data. Because of this, I'm very confused. I need to determine a scanning strategy and identify the system requirements for DefectDojo. What's the best way to do this?