Trendsic transitioned a digital health client from Project-Level Code Scanning to Container-Level and Transitive Dependency Scanning — eliminating every discovered vulnerability and turning the strategy into a company-wide security policy.
Trendsic carried out an extensive software security initiative for a client in the digital health sector, where protecting sensitive systems and data from emerging vulnerabilities is a critical, ongoing responsibility.
The client’s existing security practice relied solely on Project-Level Code Scanning — checking top-level dependencies declared in project files before the application was built and shipped to production as a container, with no additional checks performed once it left the build pipeline.
Project-Level Scanning alone left significant blind spots once code was built, containerized, and shipped to production.
Project-Level Scanning only checked top-level dependencies declared directly in project files. Transitive dependencies — packages pulled in indirectly by those top-level ones, which in a .NET project do not appear until the application is published — went largely unchecked and unmonitored.
Once built, the application was packaged into a container and shipped to production without further security checks. Container packages and libraries — which often run with higher privileges and are more susceptible to vulnerabilities — had no scanning coverage at all.
Trendsic expanded the client’s scanning strategy to include Container-Level and Transitive Dependency Scanning, integrating it into a CI pipeline to catch vulnerabilities before they reach production.
Scanning expanded to all dependencies, including transitive ones, uncovering 4 previously unnoticed issues in indirect packages. The affected packages were then promoted to explicitly declared top-level dependencies, where their versions could be controlled directly, and pinned there until each upstream maintainer shipped a fix.
Containers were scanned for vulnerable packages and libraries before shipping to production, and the container base was migrated from Debian to a minimal Alpine image, eliminating 15 vulnerabilities found in container library code.
Mitigation steps were embedded directly into Continuous Integration (CI) pipelines and daily container scans as Trendsic worked with the client’s security team to formalize the approach as company-wide policy.
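As an added illustration of the approach above, not code from Trendsic or the client, here is a small Python CI gate over a constructed dependency graph and container package list: it finds vulnerable packages at any depth, reports which transitive ones to promote to pinned top-level references, and fails the build on any container-level hit. The package names, versions and advisory table are constructed placeholders, not real findings.

```python
# Added example (not Trendsic's or the client's own code): a small CI gate over
# constructed data; every package, version and advisory here is a placeholder.
from dataclasses import dataclass, field

@dataclass
class Package:
    name: str
    version: str
    deps: list = field(default_factory=list)  # packages this one pulls in

# Constructed advisories: (package, affected version) -> first fixed version.
ADVISORIES = {
    ("Example.Json", "1.0.0"): "1.0.1",
    ("Example.Logging.Core", "2.3.0"): "2.4.0",
    ("libssl-example", "3.0.1"): "3.0.2",
}

def find_vulnerable(top_level):
    """Walk the whole graph, transitive packages included. Returns {name:
    (affected, fixed, depth)}; depth 0 = direct reference (shallowest kept)."""
    found, stack = {}, [(p, 0) for p in top_level]
    while stack:  # package graphs are acyclic, so no visited set is needed
        pkg, depth = stack.pop()
        fixed = ADVISORIES.get((pkg.name, pkg.version))
        if fixed and (pkg.name not in found or depth < found[pkg.name][2]):
            found[pkg.name] = (pkg.version, fixed, depth)
        stack.extend((d, depth + 1) for d in pkg.deps)
    return found

def promotions(top_level):
    """Transitive hits to declare as direct references pinned at the fixed
    version, so restore resolves that version instead of the vulnerable one."""
    return {name: fixed for name, (_, fixed, depth)
            in find_vulnerable(top_level).items() if depth > 0}

def image_findings(installed):
    """installed: {os package: version} read from the built image; any hit
    blocks the push to production."""
    return {n: ADVISORIES[(n, v)] for n, v in installed.items()
            if (n, v) in ADVISORIES}

def ci_gate(top_level, installed):
    """True only when neither the dependency graph nor the image has a hit."""
    return not find_vulnerable(top_level) and not image_findings(installed)

# Constructed sample: Example.Json arrives only transitively via Example.Web.
SAMPLE_GRAPH = [Package("Example.Web", "5.0.0", [Package("Example.Json", "1.0.0")]),
                Package("Example.Logging.Core", "2.3.0")]
SAMPLE_IMAGE = {"libssl-example": "3.0.1", "zlib-example": "1.2.13"}
```

Running `ci_gate(SAMPLE_GRAPH, SAMPLE_IMAGE)` in a pipeline step and failing the job when it returns False gives the same behaviour as the CI gate described above: the build ships only once both the dependency graph and the image are clean.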
This attention to detail reflects the same kind of precision brought to all our cybersecurity solutions — identifying overlooked risk and turning it into repeatable, automated processes rather than one-time fixes.
The transition to Container-Level and Transitive Dependency Scanning gave Trendsic’s digital health client a far more comprehensive view of its software supply chain — drastically reducing vulnerabilities from 19 to 0 in user-space code and transitive dependencies. It’s the same cutting-edge approach to secure software engineering Trendsic brings to cybersecurity clients across Louisiana and nationwide.
Are blind spots in your container images or transitive dependencies putting your software at risk? Trendsic can assess your existing scanning practices and implement a comprehensive, policy-backed vulnerability detection strategy tailored to your environment.