Software Production Security
Diffgram uses Dependabot. Dependabot automatically alerts us to known vulnerabilities in the dependencies used by our repository.
Dependabot Automatic Security Updates
Dependabot security updates open a pull request that bumps a vulnerable dependency to the nearest non-vulnerable version as soon as an alert is raised. This automates roughly 95% of the work of upgrading away from a vulnerable dependency; what remains is reviewing and merging the pull request.
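The following is an added example of a `.github/dependabot.yml`, written for this page and not Diffgram's own configuration. Dependabot security updates themselves are switched on in the repository settings, not in this file; the file configures scheduled version updates, and its limits and ignore rules also apply to the security pull requests. The directories and ecosystems (a Python service at the root, a Node front end under `/frontend`) are assumptions.

```yaml
# .github/dependabot.yml  (added example; not Diffgram's own configuration)
# Security updates are enabled under Settings > Code security. This file
# configures version updates; its open-pull-requests-limit and any ignore
# rules also apply to the security PRs Dependabot raises.
version: 2
updates:
  # Assumption: the Python service lives at the repository root.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
    # Group routine minor/patch bumps into one PR so the queue stays
    # reviewable; security PRs are still raised individually.
    groups:
      minor-and-patch:
        update-types: ["minor", "patch"]

  # Assumption: a Node front end under /frontend.
  - package-ecosystem: "npm"
    directory: "/frontend"
    schedule:
      interval: "weekly"
    groups:
      minor-and-patch:
        update-types: ["minor", "patch"]

  # Base images named in Dockerfiles are dependencies too.
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"

  # Third-party actions pinned in CI workflows.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Each `directory` must contain a manifest Dependabot can read (`requirements.txt`, `package.json`, `Dockerfile`, or `.github/workflows`); an ecosystem listed here without a manifest in that directory produces a configuration error rather than silently doing nothing.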
The GitHub dependency graph helps us understand what we depend on. Because the graph is public, you can quickly inspect the underlying packages yourself. For example, you can clearly see that none of our dependencies include log4j.
Inspect Dependencies By Service
You can verify the entire chain, service by service:
infra k8s helm
dispatch - not used in production
Diffgram uses code scanning integrated into our CI process. You can inspect the results on GitHub.
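As an added example of how code scanning is wired into CI with GitHub Actions (this is illustrative and not Diffgram's own workflow), the workflow below runs CodeQL on pushes, pull requests and a weekly schedule. The branch name and the language list are assumptions.

```yaml
# .github/workflows/codeql.yml  (added example; not Diffgram's own workflow)
name: "CodeQL"

on:
  push:
    branches: ["master"]        # assumed default branch
  pull_request:
    branches: ["master"]
  schedule:
    - cron: "30 3 * * 1"        # weekly rescan picks up newly published queries

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write    # required to upload results to the Security tab
    strategy:
      fail-fast: false
      matrix:
        # Assumption: a Python back end and a JavaScript front end.
        language: ["python", "javascript"]
    steps:
      - uses: actions/checkout@v4

      # Initialises the CodeQL database for one language per matrix job.
      - uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          queries: security-extended

      # Interpreted languages need no build; compiled ones are built here.
      - uses: github/codeql-action/autobuild@v3

      # Runs the queries and uploads SARIF; the category keeps per-language
      # results separate when they are merged into one pull request check.
      - uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

With `security-events: write` granted, findings appear under the repository's Security tab and as annotations on the pull request that introduced them; without that permission the analysis still runs but the upload step fails.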
We have enabled automatic secret scanning, which monitors the repository for secrets committed in cleartext. Secrets are not kept in the repository; we use a secret store to populate them.
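To make the difference concrete, here is an added example (not Diffgram's chart or manifests) showing the weak pattern secret scanning is meant to catch beside the corrected one: a Kubernetes Deployment that embeds a credential as a literal, and the same Deployment that only references a Secret object whose contents are populated from the secret store outside the repository. Image, names and keys are placeholders.

```yaml
# Added example; not Diffgram's own manifests.
# Weak: the credential is a literal in the manifest, so it lands in git
# history and in every rendered copy of the chart. This is exactly what
# secret scanning flags.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-api-weak
spec:
  selector:
    matchLabels:
      app: example-api-weak
  template:
    metadata:
      labels:
        app: example-api-weak
    spec:
      containers:
        - name: api
          image: example/api:1.0          # placeholder image
          env:
            - name: DATABASE_PASSWORD
              value: "not-a-real-password" # literal secret: do not do this
---
# Corrected: the manifest names a Secret object and a key. The Secret itself
# is created out of band from the secret store (for example by a CI step or
# an external-secrets operator) and is never committed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-api
spec:
  selector:
    matchLabels:
      app: example-api
  template:
    metadata:
      labels:
        app: example-api
    spec:
      containers:
        - name: api
          image: example/api:1.0          # placeholder image
          env:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: api-credentials   # assumed Secret name
                  key: database-password  # assumed key inside the Secret
```

The corrected manifest is safe to commit because it carries no secret material; if the `api-credentials` Secret is missing in the cluster the pod fails to start rather than running with an empty or default password, which is the failure mode you want.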
Updated 11 months ago