Charlie Williams
Results: 2 comments of Charlie Williams
👆 is a good first step (the `advanced-security/cocoapods-dependency-submission-action` scans podfiles and adds their dependencies to your repo's dependency graph/SBOM), but it won't trigger Dependabot findings. According to the readme:

> Sadly,...
> Did anyone else wake up to this security disclosure with a bad feeling?
>
> Check out the details here: [EVA discovered supply chain vulnerabilities in CocoaPods](https://evasec.webflow.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods#technical-remediation-steps).
>
>...