Automated vulnerability scanning and vulnerability management (mrmcd25)

Within software development you will experience vulnerabilities, misconfigurations and sadly lazy developers and operations people taking shortcuts. I will talk over the experience of implementing automated vulnerability scaning and the abilities there and have the results handled in the vulnerability managment tool DefectDojo. Automated vulnerability scanning is a useful practice to find a lot of especially low hanging fruits within developed software. Especially vulnerable libaries and misconfigurations can be found relatively easy. Repositories, Docker containers and virtual machines can be scanned for problems before an attacker does. Vulnerability management tooling will help you rate, coordinate and close vulnerabilities through visibility for the developers and managers. I will go over the possibilities and share some experience of implementing it. https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://talks.mrmcd.net/2025/talk/JTJP8E/