...
https://github.com/hyperledger/besu/security/dependabot
LGTM
Running on PRs
CodeQL analysis
This doesn't provide anything better than SonarCloud.
Running on main (3324), and it took 19 minutes: https://github.com/hyperledger/besu/runs/4933198025?check_suite_focus=true
Trivy
Teku uses Trivy and scans the develop Docker images, so the scan results only include runtime dependencies, not build or test dependencies. See https://github.com/ConsenSys/teku/blob/master/.circleci/config.yml
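For reference, this is what an image scan job of that kind looks like. It is an added example written for this page, not Teku's actual config (that is at the link above) and not anything from the Besu repo; the image name example/app:develop and the Dockerfile at the repo root are assumptions, and the exit-code/severity settings are one reasonable policy, not Teku's.

```yaml
# Added example (not Teku's or Besu's own CircleCI config): build a Docker
# image, then fail the pipeline if Trivy finds fixable HIGH/CRITICAL
# vulnerabilities inside it. example/app:develop is a placeholder image name.
version: 2.1

jobs:
  trivy-image-scan:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Build image under test
          # Assumption: the repository has a Dockerfile at its root.
          command: docker build -t example/app:develop .
      - run:
          name: Export image as a tarball
          # Saving to a tar lets Trivy scan it with --input, so it does not
          # need to talk to the remote Docker daemon itself.
          command: docker save example/app:develop -o image.tar
      - run:
          name: Install Trivy
          command: |
            curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
              | sh -s -- -b /usr/local/bin
      - run:
          name: Scan image (runtime dependencies only)
          # Only what ended up in the image is scanned: OS packages plus the
          # JARs/libraries copied into it. Build-time and test-only
          # dependencies never reach the image, so this step cannot report
          # on them; a separate scan of the build tree would be needed for that.
          command: |
            trivy image \
              --input image.tar \
              --exit-code 1 \
              --severity HIGH,CRITICAL \
              --ignore-unfixed

workflows:
  scan:
    jobs:
      - trivy-image-scan
```

--ignore-unfixed keeps the job from failing on findings that have no upstream fix yet; drop it if the policy is to see every finding regardless.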
...