Dependency vulnerability scanning for Ruby and Node projects

Known vulnerable dependencies are one of the easiest attack paths to close. I scan lockfiles in CI, fail builds on high-severity issues that have fixes, and document exceptions tightly. The goal is not zero alerts at any cost; the goal is fast visibility and clear remediation paths.