I'm sure there's enough demand for someone to sell a service that attempts this, but for several of the reasons mentioned in the post I expect it would be ineffective.
When you run all your code and all its dependencies with full authority, it only takes one tiny piece of malicious code to blow the whole system wide open. I think scanning will always be a losing battle.
When you run all your code and all its dependencies with full authority, it only takes one tiny piece of malicious code to blow the whole system wide open. I think scanning will always be a losing battle.