...
https://github.com/hyperledger/besu/security/dependabot
LGTM
is built on top of CodeQL
currently failing (OOM); running on PRs
CodeQL analysis
This doesn't provide anything better than SonarCloud.
Running on main 3324. It took 19 minutes: https://github.com/hyperledger/besu/runs/4933198025?check_suite_focus=true
Trivy
Teku uses Trivy and scans the develop Docker images, so the scan results only include runtime dependencies, not build or test dependencies. See https://github.com/ConsenSys/teku/blob/master/.circleci/config.yml
...