Our results may seem redundant but these are necessary. We begin with scanning and monitoring of our source in a Git repository by enabling Snyk's GitHub integration. This provides immediate insights into open source dependency vulnerabilities in our application. However, as developers can feature branch new vulnerabilities may be introduced as these may take place as out-of-band pipeline builds. However, since we are including the Snyk CircleCI Orb in our configuration file, we perform an additional scan and report our findings back.