We run several security scans on traditional web applications built with JSP, JSF, ASP, etc. and we know to scan them for security vulnerabilities (we use McAfee Secure PCI Compliance Scanning).
However, we are now building a one-page app using Angular and there was this question in the last meeting. How do we apply a security scan?
How do we scan it for security or PCI vulnerabilities? I was reading there are "static code analysis" tools but I'm not convinced they are suitable.
Is "static code analysis" somewhat equivalent to a traditional security scan tool, or not at all?
For starters you can run the `npm audit` and `npm audit fix` commands to check which vulnerable dependencies you are using right now and try to fix those.
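As an added example that is not part of the answer above: a small Node script that consumes the JSON form of `npm audit` output and decides whether a CI build should fail on it. It assumes the npm 7+ report layout (`auditReportVersion` 2, a `vulnerabilities` map with `severity`, `isDirect` and `fixAvailable` fields); the package names and the report itself are constructed for illustration, not taken from any real project.

```javascript
// Added example: gate a build on `npm audit --json` output.
// Assumes the npm 7+ report schema (auditReportVersion 2); sample data is constructed.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Return { fail, blocking } for a parsed audit report.
// `threshold`   - lowest severity that blocks the build.
// `allowFixable` - when true, advisories that `npm audit fix` can resolve
//                  without a semver-major bump (fixAvailable === true) are tolerated.
function evaluateAudit(report, threshold = "high", allowFixable = false) {
  const minRank = SEVERITY_RANK[threshold];
  const blocking = [];
  for (const [name, vuln] of Object.entries(report.vulnerabilities || {})) {
    const rank = SEVERITY_RANK[vuln.severity];
    // Unknown severity strings are treated as blocking rather than silently ignored.
    if (rank !== undefined && rank < minRank) continue;
    // fixAvailable is true, false, or an object describing a semver-major upgrade;
    // only a plain `true` means `npm audit fix` resolves it in place.
    const fixable = vuln.fixAvailable === true;
    if (allowFixable && fixable) continue;
    blocking.push({ name, severity: vuln.severity, direct: vuln.isDirect === true, fixable });
  }
  return { fail: blocking.length > 0, blocking };
}

// Format the blocking findings as one line each, for a CI log.
function formatFindings(result) {
  return result.blocking.map(
    (b) => `${b.severity.toUpperCase()} ${b.name} direct=${b.direct} fixable=${b.fixable}`
  );
}

// Constructed sample report, shaped like `npm audit --json` on a small Angular project.
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-template-lib": { name: "example-template-lib", severity: "high", isDirect: true, fixAvailable: true },
    "example-deep-dep": { name: "example-deep-dep", severity: "critical", isDirect: false, fixAvailable: false },
    "example-dev-tool": { name: "example-dev-tool", severity: "low", isDirect: true, fixAvailable: true },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
};

module.exports = { evaluateAudit, formatFindings, SAMPLE_REPORT };
```

In a pipeline you would run `npm audit --json > audit.json`, parse that file, and call `evaluateAudit` with the threshold your policy requires, exiting non-zero when `fail` is true.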