MyTutor is a UK-based online platform dedicated to one-to-one learning. Through a curated community of tutors, they provide personalised learning experiences to their customers.
I implemented Trivy scanning for the MyTutor application code. Trivy scans for:
- OS packages and software dependencies (SBOM)
- Known vulnerabilities (CVEs)
- IaC issues and misconfigurations
- Sensitive information and secrets
- Software licenses
The scanner runs daily from a GitHub action, which checks out the application code, runs the scanner, and then executes a custom Python script to process the results. The script posts relevant messages to a Slack channel, grouping errors to avoid alert fatigue and listing them in order of priority.
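An added example, not MyTutor's script or Trivy's own code, of the processing step described above: it flattens a Trivy JSON report, drops duplicate findings, groups them by severity in priority order and builds the body for a Slack incoming webhook. The sample report is constructed with placeholder CVE ids and package names, the field names follow Trivy's JSON report format as I know it, and the repository name is a placeholder.

```python
import json
from collections import defaultdict

# Trivy severities in the order they should be reported (highest priority first).
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

# Constructed sample of a `trivy fs --format json` report, trimmed to the fields used below; ids are placeholders.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "package-lock.json", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo", "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libfoo", "InstalledVersion": "1.0.0", "FixedVersion": "1.0.1", "Severity": "HIGH"},  # duplicate
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbar", "InstalledVersion": "2.3.0", "FixedVersion": "", "Severity": "CRITICAL"},  # no fix yet
    ]},
    {"Target": "config/.env", "Secrets": [
        {"RuleID": "aws-access-key-id", "Severity": "CRITICAL", "Title": "AWS Access Key ID"},
    ]},
]})

def collect_findings(report_json):
    """Flatten a Trivy report into {dedup_key: (severity, one-line description)}; repeats collapse."""
    findings = {}
    for result in json.loads(report_json).get("Results", []):
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            fix = v.get("FixedVersion") or "no fix yet"
            text = f"{v['VulnerabilityID']} in {v['PkgName']} {v['InstalledVersion']} (fix: {fix})"
            findings.setdefault((v["VulnerabilityID"], v["PkgName"]), (v.get("Severity", "UNKNOWN"), text))
        for s in result.get("Secrets") or []:
            text = f"{s.get('Title', s['RuleID'])} in {target}"
            findings.setdefault(("secret", s["RuleID"], target), (s.get("Severity", "UNKNOWN"), text))
    return findings

def group_by_severity(findings):
    """Group descriptions by severity; only non-empty groups are returned, in priority order."""
    groups = defaultdict(list)
    for severity, text in findings.values():
        groups[severity if severity in SEVERITY_ORDER else "UNKNOWN"].append(text)
    return {sev: sorted(groups[sev]) for sev in SEVERITY_ORDER if groups[sev]}

def slack_payload(groups, repo):
    """Build the JSON body for a Slack incoming webhook: one message, one section per severity."""
    if not groups:
        return {"text": f"Trivy: no findings in {repo}"}
    total = sum(len(items) for items in groups.values())
    lines = [f"*Trivy found {total} finding(s) in {repo}*"]
    for severity, items in groups.items():
        lines.append(f"*{severity}* ({len(items)})")
        lines.extend(f"- {item}" for item in items)
    return {"text": "\n".join(lines)}
```

In the daily action this would read the file written by `trivy fs --format json --output report.json .` and POST the returned dict to the webhook URL kept in a repository secret.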