Settle Intelligence
The government of New Brunswick, Canada, is seeking a vendor to provide source code scanning application services. The objective of this initiative is to identify security vulnerabilities and license risks within software projects to support secure and compliant development practices.
The selected solution must enable automated scanning of source code, bytecode, or binaries across major programming languages, with integration into common build pipelines such as Jenkins, GitHub Actions, and Azure DevOps. The tool should generate actionable reports for developers, prioritizing issues by severity and offering visualization of scan results, trends, and compliance status across a portfolio of applications. Additional requirements include the ability to identify open-source and third-party components, detect known vulnerabilities and license risks, and suggest or automatically apply fixes.
To enhance the developer experience and advance remediation efforts, the service should support scanning code directly within code editors, provide comprehensive dashboards for monitoring security posture and risk, and integrate seamlessly with DevSecOps workflows. Support for cloud-native, mobile, and legacy applications is essential for enabling continuous improvement in secure software development.
Source attribution
This Settle analysis is based on the issuing organization’s public RFP listing.