Code repo, Library, and Dependencies Scan

Currently we scan all of our code repositories with Synopsis Covarity, and we scan all of our libraries and dependencies with Synopsys Blackduck.

How can these tools or equivalent be best integrated with a Dataiku Project-Application that will be deployed to production?

How are the Dataiku Visual recipes scanned?

How are Dataiku Connections scanned?

How are Dataiku plugins scanned?

We need these for SOC-2 compliance.

Operating system used: centos