Conventional software development processes require considerable manual effort from the Developers who collaborate on a software project. A Scrum team is a team of Developers that collaborate on complex software projects. Under the conventional approach, whenever a third-party library is added to a software project, a member of the Scrum team updates a spreadsheet that records the approved libraries and their versions. This process places the responsibility for keeping the spreadsheet current on each individual Developer, and the task is easily forgotten or neglected when a Developer is under deadline pressure. As a result, there is no guarantee, short of some manual form of validation, that unapproved third-party software versions have not made their way into the software product. Manual validation of third-party software is extremely time consuming, so security vulnerabilities in the plugin versions actually in use, whether older or newer, may go unidentified.
In the conventional approach, a Build Engineer, or equivalent, reviews the entire code base after a build, gathers the artifacts, and painstakingly examines each artifact by hand and by eye, comparing it against the spreadsheet. This can take days or weeks to complete, and mistakes are easily made; a mistake that lets an unapproved component through can expose the Developer to litigation. To find vulnerable, legacy, or deprecated plugins, one or more individuals would have to analyze the old plugins manually, which may not be feasible without tool support.
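The following is an added example, not code from the original document and not the method the document itself proposes. It shows what the manual artifact-to-spreadsheet comparison described above looks like once scripted: the spreadsheet is assumed to be exported as a CSV with the columns `library` and `approved_versions` (an assumption, as is the `;` separator between versions), and the gathered build artifacts are assumed to be Java-style jar files named `<name>-<version>.jar`. Both inputs are constructed samples embedded inline so the script runs offline.

```python
"""Check gathered build artifacts against the team's approved-library spreadsheet.

Added example, not code from the original document. Assumptions: the
spreadsheet is exported as CSV with columns library,approved_versions
(several versions separated by ';'), and artifacts are jar files named
<name>-<version>.jar.
"""
import csv
import io
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of the Scrum team's spreadsheet, exported as CSV.
APPROVED_CSV = """library,approved_versions
commons-io,2.11.0;2.13.0
log4j-core,2.17.1
jackson-databind,2.15.2
"""

# Constructed sample of artifact filenames gathered after a build.
BUILD_ARTIFACTS = [
    "commons-io-2.13.0.jar",
    "log4j-core-2.14.1.jar",       # older than the single approved version
    "jackson-databind-2.15.2.jar",
    "guava-31.1-jre.jar",          # never recorded in the spreadsheet
    "README.txt",                  # not a library artifact at all
]

# <name>-<version>.jar: the name is matched lazily so hyphenated names such as
# log4j-core work; the version is the first '-<digit>...' run before '.jar'.
# Caveat: names that themselves contain '-<digit>' (e.g. log4j-1.2-api) would
# be split at the wrong hyphen and need a dedicated rule.
_JAR_RE = re.compile(r"^(?P<name>.+?)-(?P<version>\d[^/]*?)\.jar$")


def parse_artifact(filename: str) -> Optional[Tuple[str, str]]:
    """Return (library name, version) for a jar filename, or None for other files."""
    match = _JAR_RE.match(filename)
    if match is None:
        return None
    return match.group("name"), match.group("version")


def load_approved(csv_text: str) -> Dict[str, Set[str]]:
    """Read the exported spreadsheet into {library: {approved versions}}."""
    approved: Dict[str, Set[str]] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["library"].strip()
        versions = {v.strip() for v in row["approved_versions"].split(";") if v.strip()}
        approved.setdefault(name, set()).update(versions)
    return approved


def audit_artifacts(artifacts: List[str], approved: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Classify every library artifact as 'ok', 'unapproved_version' or
    'unknown_library'. Files that are not library artifacts are skipped."""
    report: Dict[str, List[str]] = {"ok": [], "unapproved_version": [], "unknown_library": []}
    for filename in artifacts:
        parsed = parse_artifact(filename)
        if parsed is None:
            continue
        name, version = parsed
        if name not in approved:
            report["unknown_library"].append(filename)
        elif version not in approved[name]:
            report["unapproved_version"].append(filename)
        else:
            report["ok"].append(filename)
    return report


def build_is_clean(report: Dict[str, List[str]]) -> bool:
    """True only when every library artifact is an approved version of a known library."""
    return not report["unapproved_version"] and not report["unknown_library"]


if __name__ == "__main__":
    result = audit_artifacts(BUILD_ARTIFACTS, load_approved(APPROVED_CSV))
    for category, files in result.items():
        for f in files:
            print(f"{category:20s} {f}")
    print("clean build" if build_is_clean(result) else "build contains unapproved components")
```

Run as a post-build step, the script turns the days-long visual comparison into a pass/fail gate; an unknown library is reported separately from an unapproved version because the first needs a spreadsheet entry and the second needs a Developer decision.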