Description
🎯 Aim
The purpose of this issue is to investigate the feasibility and added value of integrating the osv-scanner into our Django template project. This exploration will assess whether osv-scanner can complement or enhance the security measures provided by GitHub Dependabot by identifying known vulnerabilities in the dependencies used by our Django projects.
📕 Context
Our Django template project is designed to streamline the setup of new Django projects with predefined configurations. These projects often utilize various external packages, necessitating robust security and dependency management practices. Currently, we use GitHub Dependabot to monitor and update dependencies based on known vulnerabilities. As we continually update and expand our dependencies, we are interested in assessing whether integrating osv-scanner can provide additional security benefits.
📝 Relevant resources/docs/people
✅ Acceptance Criteria
- Comparative Analysis: An analysis comparing osv-scanner with GitHub Dependabot, focusing on features, efficiency, and detection capabilities.
- Architecture Decision Record (ADR): Document the results of the osv-scanner analysis in an ADR to formally capture the decision-making process and outcomes.