infrastructure
Vulnerability scanning conducted
Automated vulnerability scans performed weekly with remediation tracking.
Passing • Low Risk • Fully Automated
Owner: Infrastructure Team
Last Tested: 10/6/2025
Test Frequency: Weekly
Maturity Level: Level 4 / 5
Framework Mappings
Evidence (5)
Vulnerability scanning is enabled (GitHub)
This test verifies that vulnerability scanning (via Dependabot) is enabled for your GitHub repositories, allowing you to identify and manage software vulnerabilities effectively.
VULNERABILITY MANAGEMENT•TEST
Critical vulnerabilities identified in packages are addressed (GitHub Repo)
This test ensures that all critical severity vulnerabilities identified by GitHub's Dependabot in your repositories are addressed and resolved.
VULNERABILITY MANAGEMENT•TEST
High vulnerabilities identified in packages are addressed (GitHub Repo)
This test ensures that all high severity vulnerabilities identified by GitHub's Dependabot in your repositories are addressed and resolved.
VULNERABILITY MANAGEMENT•TEST
Low vulnerabilities identified in packages are addressed (GitHub Repo)
This test ensures that all low severity vulnerabilities identified by GitHub's Dependabot in your repositories are addressed and resolved.
VULNERABILITY MANAGEMENT•TEST
Medium vulnerabilities identified in packages are addressed (GitHub Repo)
This test ensures that all medium severity vulnerabilities identified by GitHub's Dependabot in your repositories are addressed and resolved.
VULNERABILITY MANAGEMENT•TEST
Related Policies
Control Information
- Control ID: vulnerability-scanning-conducted
- Category: INFRASTRUCTURE
- Family: infrastructure
- Last Updated: 10/6/2025