Open
Description
The description of Secure Build -> Software Dependencies -> Level 3 is a bit old-fashioned.
Old: You integrate SCA into a pipeline to get informed about known vulnerabilities.
New: You detect vulnerabilities in the production cluster. A sample open source setup is Trivy Operator in Kubernetes, which pushes SBOMs to Dependency Track directly before they are set in production.
I am happy to adjust the description and draft a PR after your approval.