Dependency scanning automatically checks a project's software dependencies (libraries, frameworks, packages, including the transitive ones they pull in) for known vulnerabilities. Tools such as Dependabot, Snyk or OWASP Dependency-Check read the project's manifest or lockfile and compare the versions in use against vulnerability databases such as the NVD or the GitHub Advisory Database, which record each CVE together with the affected version ranges.
Estimates commonly put the share of third-party code in modern applications at 80-90%. A single vulnerable library can compromise the entire product; Log4Shell (CVE-2021-44228 in Log4j 2) demonstrated this in 2021. Dependency scanning therefore belongs in every CI/CD pipeline, with a severity threshold that fails the build. Good scanners go beyond listing CVE numbers: they report the fixed version to upgrade to and whether the vulnerable code is actually reachable from the application, so teams can prioritise real exposure over noise. Note the limits: a scanner only finds vulnerabilities that are already published, and only for dependencies whose version it can identify, so unpinned or vendored packages and zero-days fall outside its coverage.
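The core of what these tools do, as an added example (not code from Dependabot, Snyk or OWASP Dependency-Check): read the versions a project pins, match them against advisories whose affected ranges are expressed as OSV-style introduced/fixed events, report the fix version where one exists, and decide whether the build should fail. The package names, version numbers and advisory identifiers below are constructed for this example and are not real vulnerabilities.

```python
"""Minimal dependency scanner (illustrative, not any real tool's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}

# Constructed advisories in a simplified OSV-like shape: affected ranges are
# given as introduced/fixed events. Packages and IDs are fictional.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "httpfetch", "severity": "HIGH",
     "ranges": [{"introduced": "0", "fixed": "2.31.0"}]},
    {"id": "EXAMPLE-0002", "package": "logkit", "severity": "CRITICAL",
     "ranges": [{"introduced": "2.0.0", "fixed": "2.17.0"}]},
    {"id": "EXAMPLE-0003", "package": "logkit", "severity": "LOW",
     "ranges": [{"introduced": "2.17.0", "fixed": "2.17.1"}]},
    {"id": "EXAMPLE-0004", "package": "yamlparse", "severity": "MEDIUM",
     "ranges": [{"introduced": "5.0", "fixed": "6.0.1"}]},
    {"id": "EXAMPLE-0005", "package": "yamlparse", "severity": "HIGH",
     "ranges": [{"introduced": "6.0.0"}]},            # no fix released yet
]

# Constructed requirements.txt for this example.
REQUIREMENTS = """\
httpfetch==2.30.1
logkit==2.14.1
yamlparse==6.0.1
cli-colors>=1.0     # unpinned: the scanner cannot know which version runs
"""


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    advisory_id: str
    severity: str
    fixed_in: str | None      # None when no patched version exists yet


def normalize_name(name: str) -> str:
    # PEP 503 normalisation: case-insensitive, '-', '_' and '.' equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(text: str) -> tuple[int, ...]:
    """Sortable key for a dotted version (simplified PEP 440): up to four
    numeric parts padded with zeros, and a pre-release suffix such as
    2.0.0rc1 sorts below the final release. Real scanners use packaging.version."""
    parts: list[int] = []
    pre_release = 0
    for chunk in text.split(".")[:4]:
        m = re.match(r"(\d+)(.*)", chunk)
        if not m:
            pre_release = -1
            break
        parts.append(int(m.group(1)))
        if m.group(2):                      # trailing text such as rc1, b2
            pre_release = -1
            break
    parts += [0] * (4 - len(parts))
    return tuple(parts) + (pre_release,)


PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)$")


def parse_requirements(text: str) -> tuple[dict[str, str], list[str]]:
    """Return {package: pinned_version} plus the names that are not exact pins."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pinned[normalize_name(m.group(1))] = m.group(2)
        else:
            unpinned.append(normalize_name(re.split(r"[<>=!~ ]", line, maxsplit=1)[0]))
    return pinned, unpinned


def affected_range(version: str, ranges: list[dict[str, str]]) -> dict[str, str] | None:
    """OSV semantics: affected if introduced <= version < fixed; a range
    without a 'fixed' event means every later version is still affected."""
    key = version_key(version)
    for rng in ranges:
        if key < version_key(rng.get("introduced", "0")):
            continue
        if "fixed" in rng and key >= version_key(rng["fixed"]):
            continue
        return rng
    return None


def scan(pinned: dict[str, str], advisories=ADVISORIES) -> list[Finding]:
    findings = []
    for adv in advisories:
        pkg = normalize_name(adv["package"])
        rng = affected_range(pinned[pkg], adv["ranges"]) if pkg in pinned else None
        if rng is not None:
            findings.append(Finding(pkg, pinned[pkg], adv["id"], adv["severity"], rng.get("fixed")))
    return findings


def should_fail(findings: list[Finding], threshold: str = "HIGH") -> bool:
    """CI gate: fail the build when any finding meets the severity threshold."""
    return any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold] for f in findings)


if __name__ == "__main__":
    pins, skipped = parse_requirements(REQUIREMENTS)
    results = scan(pins)
    for f in results:
        fix = f"upgrade to {f.fixed_in}" if f.fixed_in else "no fixed version yet"
        print(f"{f.severity:8} {f.package}=={f.version}  {f.advisory_id}  ({fix})")
    for name in skipped:
        print(f"WARN     {name}: not pinned, cannot be matched")
    raise SystemExit(1 if should_fail(results) else 0)
```

Run stand-alone it reports three findings (two with a fix version, one without), warns about the unpinned package, and exits non-zero because the threshold is met. The version comparison is deliberately a simplification; a production scanner parses full PEP 440 or semver, and the reachability analysis the text mentions would be a further step on top of this version match.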