the tool should: - be independent of git hosting - has the ability to ignore certain vulnerabilities in dependencies and dev dependencies - easy to add to the ci/cd
