Hi,
I'm looking for some guidance please on vulnerability scanning of AOT packages for our new Finance & Operations (SaaS) implementation (NB: I'm relatively new to F&O build processes).
As part of our project, we will be developing customisation code that will be built on a Tier 1 environment and then deployed to other environments using LCS.
My understanding is that the build agent will be creating an AOT package (zip file containing a variety of scripts & binaries). Our organisation has a requirement that all build artifacts are scanned for vulnerabilities before they are deployed.
So my question is: Are there any scanning tools (X-Ray, Checkmarx, etc.) that are able to scan these packages?
NB: We will be using the best-practices code checker prior to build, but I don't know whether that will be sufficient for our cyber team.
Thanks!
Tim