Application Code Security Scanner for MyTutor

MyTutor is a UK-based online platform dedicated to one-to-one learning. Through a curated community of tutors, they provide personalised learning experiences to their customers.

I implemented Trivy scanning for the MyTutor application code. Trivy scans for:

  • OS packages and software dependencies (SBOM)
  • Known vulnerabilities (CVEs)
  • IaC issues and misconfigurations
  • Sensitive information and secrets
  • Software licenses

The scanner runs daily from a GitHub Actions workflow, which checks out the application code, runs Trivy, and then executes a custom Python script to process the results. The script posts the relevant findings to a Slack channel, grouping them to avoid alert fatigue and listing them in order of priority.
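As an added illustration of the post-processing step (example code, not MyTutor's own script), the following reads a Trivy JSON report, deduplicates each CVE+package across targets, orders the groups by severity, truncates each group, and produces the body for a Slack incoming webhook. The sample report is constructed here in the shape of `trivy --format json` output, and its CVE identifiers are placeholders.

```python
import json
from collections import defaultdict

# Highest priority first; Trivy reports severities as upper-case strings.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN"]

# Constructed sample in the shape of `trivy ... --format json` output;
# the CVE identifiers are placeholders, not real advisories.
SAMPLE_REPORT = json.loads("""{"Results": [
 {"Target": "package-lock.json", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0001", "PkgName": "lodash", "FixedVersion": "4.17.21", "Severity": "HIGH"},
  {"VulnerabilityID": "CVE-0000-0002", "PkgName": "ws", "FixedVersion": "", "Severity": "CRITICAL"}]},
 {"Target": "web/package-lock.json", "Vulnerabilities": [
  {"VulnerabilityID": "CVE-0000-0001", "PkgName": "lodash", "FixedVersion": "4.17.21", "Severity": "HIGH"}]},
 {"Target": "config/dev.env", "Secrets": [
  {"RuleID": "aws-access-key-id", "Severity": "CRITICAL", "Title": "AWS Access Key ID"}]}]}""")

def collect_findings(report):
    """Group findings by severity; one entry per CVE+package across all targets."""
    grouped = defaultdict(dict)
    for result in report.get("Results", []):
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            key = (v["VulnerabilityID"], v["PkgName"])
            entry = grouped[v.get("Severity", "UNKNOWN")].setdefault(
                key, {"fix": v.get("FixedVersion", ""), "targets": set()})
            entry["targets"].add(target)
        for s in result.get("Secrets") or []:  # secrets are per file, keyed on rule+target
            grouped[s.get("Severity", "UNKNOWN")].setdefault(
                (s["RuleID"], target), {"fix": "", "targets": {target}})
    return grouped

def build_slack_text(report, max_per_severity=5):
    """One message for the day, most severe group first, each group truncated."""
    grouped, lines = collect_findings(report), []
    for sev in SEVERITY_ORDER:
        items = grouped.get(sev)
        if not items:
            continue
        lines.append(f"*{sev}* ({len(items)} unique)")
        for (ident, where), info in sorted(items.items())[:max_per_severity]:
            fix = f"fix in {info['fix']}" if info["fix"] else "no fix available"
            lines.append(f"- {ident} ({where}): {fix}; {len(info['targets'])} target(s)")
        if len(items) > max_per_severity:
            lines.append(f"  ...and {len(items) - max_per_severity} more")
    return "\n".join(lines) if lines else "Trivy: no findings today"

def slack_payload(report):
    """Body for a Slack incoming webhook POST (send it with requests or urllib)."""
    return {"text": build_slack_text(report)}
```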