Securing the Supply Chain: Vulnerability Scanning for Julia
Mridul Ranjan Upadhyay, Venkatesh Dayanand
Professional Julia use requires industrial-grade security. The challenge is unique to the ecosystem because risks often hide in binary dependencies (JLLs) that standard scanning tools ignore. This talk, following the launch of the Julia Security Working Group, shows how Trivy was adapted to scan the entire Julia dependency graph, including its binary (JLL) packages. We explore the implementation of this workflow within JuliaHub to provide automated security auditing and SBOM generation for any Julia project, ensuring safety for all.
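The abstract's central point, that binary JLL packages sit in the dependency graph but are missed by tools that only look at source packages, is easiest to see by walking a Manifest.toml yourself. The following is an added illustration, not code from the talk, from Trivy or from JuliaHub: it parses a constructed Manifest.toml (manifest_format 2.0, with made-up UUIDs and tree hashes), collects every JLL reachable from a root package, and emits a minimal CycloneDX-style SBOM whose components carry `pkg:julia/` package URLs. The property names `julia:uuid` and `julia:binary` are my own choice, not a standard.

```python
"""Walk a Julia Manifest.toml, flag binary (JLL) dependencies and emit a minimal
CycloneDX-style SBOM. Added example; not Trivy's, JuliaHub's or the talk's code."""
import json

try:
    import tomllib                 # Python 3.11+ standard library
except ImportError:                # older interpreters: pip install tomli
    import tomli as tomllib        # type: ignore

# Constructed sample manifest. UUIDs and tree hashes are placeholders and do not
# identify real package releases; the dependency shape mirrors a typical project.
SAMPLE_MANIFEST = """
julia_version = "1.10.0"
manifest_format = "2.0"
project_hash = "0000000000000000000000000000000000000000"

[[deps.Artifacts]]
uuid = "00000000-0000-0000-0000-000000000001"

[[deps.Libdl]]
uuid = "00000000-0000-0000-0000-000000000002"

[[deps.Zlib_jll]]
deps = ["Artifacts", "Libdl"]
uuid = "00000000-0000-0000-0000-000000000003"
version = "1.2.13+0"

[[deps.CodecZlib]]
deps = ["TranscodingStreams", "Zlib_jll"]
git-tree-sha1 = "1111111111111111111111111111111111111111"
uuid = "00000000-0000-0000-0000-000000000004"
version = "0.7.3"

[[deps.TranscodingStreams]]
git-tree-sha1 = "2222222222222222222222222222222222222222"
uuid = "00000000-0000-0000-0000-000000000005"
version = "0.10.2"
"""


def parse_manifest(text):
    """Return {name: {uuid, version, deps, binary}} for every manifest entry."""
    doc = tomllib.loads(text)
    # Format 2.0 nests entries under [deps]; format 1.0 puts them at top level.
    entries = doc["deps"] if str(doc.get("manifest_format", "1.0")).startswith("2") \
        else {k: v for k, v in doc.items() if isinstance(v, list)}
    pkgs = {}
    for name, tables in entries.items():
        for entry in tables:               # each [[deps.Name]] is an array of tables
            deps = entry.get("deps", [])
            if isinstance(deps, dict):     # disambiguated form: deps = {Name = "uuid"}
                deps = list(deps.keys())
            pkgs[name] = {
                "uuid": entry.get("uuid"),
                "version": entry.get("version"),   # stdlib entries carry no version
                "deps": list(deps),
                "binary": name.endswith("_jll"),   # JLL naming convention for binaries
            }
    return pkgs


def transitive_binary_deps(pkgs, root):
    """Depth-first walk from `root`; return the sorted JLL packages it pulls in."""
    seen, stack, jlls = set(), [root], set()
    while stack:
        name = stack.pop()
        if name in seen or name not in pkgs:
            continue
        seen.add(name)
        if pkgs[name]["binary"]:
            jlls.add(name)
        stack.extend(pkgs[name]["deps"])
    return sorted(jlls)


def purl(name, version):
    """Package URL in the julia namespace; stdlib entries have no version."""
    return f"pkg:julia/{name}" + (f"@{version}" if version else "")


def to_cyclonedx(pkgs):
    """Build a minimal CycloneDX 1.5 document with a component per package."""
    components, dependencies = [], []
    for name in sorted(pkgs):
        p = pkgs[name]
        comp = {"type": "library", "name": name, "purl": purl(name, p["version"]),
                "properties": [{"name": "julia:binary", "value": str(p["binary"]).lower()}]}
        if p["version"]:
            comp["version"] = p["version"]
        if p["uuid"]:
            comp["properties"].append({"name": "julia:uuid", "value": p["uuid"]})
        components.append(comp)
        dependencies.append({"ref": comp["purl"],
                             "dependsOn": [purl(d, pkgs[d]["version"]) for d in p["deps"] if d in pkgs]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": components, "dependencies": dependencies}


if __name__ == "__main__":
    pkgs = parse_manifest(SAMPLE_MANIFEST)
    print("binary deps of CodecZlib:", transitive_binary_deps(pkgs, "CodecZlib"))
    print(json.dumps(to_cyclonedx(pkgs), indent=2))
```

Running it shows `Zlib_jll` reached through `CodecZlib`, which is exactly the class of component a source-only scanner would never list; in the SBOM it appears with `julia:binary = true` so a downstream vulnerability matcher can treat it as a native library rather than Julia code.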