Closed
Description
We use AquaSec Trivy in some of our other projects for scanning our source code as well as built containers for possible security issues related to our third-party dependencies (e.g. packages installed with apt-get or yarn), and should consider the same for code-server
This would complement the audit-ci tool that we have already integrated.