Rewrite code for each update of your favorite framework, or keep track of NIST's vulnerability database? Delete a vulnerable component from the internal repository, or work out whether the vulnerability is applicable to us? How do you start scanning 500 kkloc and keep teams informed about vulnerabilities in the components they use?
...