• Must have an online scan either from UI or CLI.

Step 1: Patch the vulnerable dependencies

Once SCA scan is done, we can patch the vulnerable dependencies directly from UI if Source Control (Github/ Gitlab/ Bitbucket) is configured and you know that repo.
Open the SCA results and click on any dependency that is present in the manager file. For this example, we will take pom.xml
And now click on Fox this vulnerability, if success full we get,

Step 2: GitHub Check

On Github, we check if a pull request is generated or not.
PR is requested, which can be merged.