Why you should scan your code within your pipelines

Like many, I received this email from GitHub a couple of weeks ago on an old repository:

This made me think about how important security scanning is in this day and age. Your code might have been top notch a couple of years ago, and be dangerous today.
So, to have a bit of a laugh, I hooked up WhiteSource Bolt to a build of that code to see the actual outcome on the open source libraries used there.
WhiteSource Bolt is also free for Azure DevOps, so there is really little stopping you from scanning your code 😊 This is the (kind of expected) result:

This is code from a couple of years ago – do you think your code from two years ago is still as good as it was back then? 😊