Hi, One extra point that is worth mentioning. On several occasions, I’ve seen automation give a false sense of security. A tool reports everything as clean, and people assume the release is fine when it is not. It’s only when humans look deeper that a serious issue is discovered. For example, a mention of a GPL license can be fine, depending on the context, and automation is unlikely to detect it.
Kind Regards. Justin
