GitLab
Reduce supply chain risk with SBOM-based dependency scanning
Depending on third-party code introduces significant security risk, and the volume of AI-generated code that pulls in its own vulnerabilities amplifies it. Traditional dependency scanners are not enough for the needs of modern application security. GitLab 19.0 introduces SBOM-based dependency scanning to address these challenges.

The feature inventories a project's dependencies and identifies the vulnerable packages your application actually uses. It traces each transitive dependency back to the direct dependency that introduced it, which is the context you need to decide what to upgrade. It prioritizes vulnerabilities by code reachability, so teams can focus on the findings that matter. And it continuously re-scans the inventory as new vulnerabilities are published, so protection does not stop at build time.

GitLab's SBOM scanner supports numerous package ecosystems, and adding new languages and file formats is now simpler. Security configuration profiles streamline deployment and enforcement across projects: teams configure dependency scanning once and apply it widely using policies.

The new dependency scanning feature is available to GitLab Ultimate users, with a migration guide. Detailed instructions and documentation cover set-up and usage.
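The transitive tracing described above, as an added illustration that is not GitLab's code: walk a CycloneDX-style dependency graph from the application root, match every reachable component against an advisory list, and report which direct dependency introduced each vulnerable package. The SBOM, the advisory identifiers and the package names are all constructed placeholders.

```python
"""Trace vulnerable transitive dependencies back to the direct dependency that
introduced them. Constructed example; not GitLab's scanner or its data model."""
from collections import deque

# Constructed minimal CycloneDX-like SBOM: app -> web-framework -> parser-lib -> yaml-lib.
# unused-lib is listed as a component but never depended on.
SBOM = {
    "metadata": {"component": {"bom-ref": "pkg:pypi/app@1.0.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/web-framework@2.3.0", "name": "web-framework", "version": "2.3.0"},
        {"bom-ref": "pkg:pypi/parser-lib@0.9.1", "name": "parser-lib", "version": "0.9.1"},
        {"bom-ref": "pkg:pypi/yaml-lib@5.1.0", "name": "yaml-lib", "version": "5.1.0"},
        {"bom-ref": "pkg:pypi/unused-lib@1.0.0", "name": "unused-lib", "version": "1.0.0"},
    ],
    "dependencies": [
        {"ref": "pkg:pypi/app@1.0.0", "dependsOn": ["pkg:pypi/web-framework@2.3.0"]},
        {"ref": "pkg:pypi/web-framework@2.3.0", "dependsOn": ["pkg:pypi/parser-lib@0.9.1"]},
        {"ref": "pkg:pypi/parser-lib@0.9.1", "dependsOn": ["pkg:pypi/yaml-lib@5.1.0"]},
        {"ref": "pkg:pypi/yaml-lib@5.1.0", "dependsOn": []},
    ],
}

# Constructed advisory feed: name -> {affected version: placeholder id}. Not real CVEs.
ADVISORIES = {
    "yaml-lib": {"5.1.0": "ADVISORY-PLACEHOLDER-1"},
    "unused-lib": {"1.0.0": "ADVISORY-PLACEHOLDER-2"},
}

def build_graph(sbom):
    """Adjacency list keyed by bom-ref, taken from the SBOM's dependencies section."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in sbom.get("dependencies", [])}

def reachable_paths(sbom):
    """BFS from the root component; maps every reachable bom-ref to its shortest path from root."""
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = build_graph(sbom)
    paths, queue = {root: [root]}, deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in graph.get(cur, []):
            if nxt not in paths:  # first visit is the shortest path
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return paths

def find_vulnerable(sbom, advisories):
    """Report reachable components with an advisory, plus the direct dependency that pulls them in."""
    paths, findings = reachable_paths(sbom), []
    for comp in sbom["components"]:
        ref, adv_id = comp["bom-ref"], advisories.get(comp["name"], {}).get(comp["version"])
        if adv_id and ref in paths:  # unreachable components are not reported
            path = paths[ref]
            findings.append({"component": ref, "advisory": adv_id,
                             "direct_dependency": path[1] if len(path) > 1 else ref, "path": path})
    return findings
```

Running `find_vulnerable(SBOM, ADVISORIES)` reports yaml-lib with web-framework as its origin and leaves unused-lib out, because no dependency edge reaches it.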