Diffgram uses Dependabot. Dependabot automatically alerts us to known vulnerabilities in the dependencies of our repository and, with security updates enabled, opens pull requests that bump the affected package to a patched version.
This allows us to automate roughly 95% of the work of upgrading to non-vulnerable dependencies when issues are detected; what remains is reviewing and merging the generated pull requests.
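An illustrative `.github/dependabot.yml` for the kind of setup described above, added here as an example; it is not Diffgram's own configuration. It assumes a pip-managed Python backend at the repository root and an npm frontend under `frontend/`, which are assumptions rather than facts taken from this page.

```yaml
# Illustrative Dependabot configuration (example only, not Diffgram's file).
# Assumed layout: pip requirements at the repo root, npm project in frontend/.
version: 2
updates:
  # Python backend: weekly version updates, capped so the PR queue stays reviewable.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10

  # JavaScript frontend (assumed path).
  - package-ecosystem: "npm"
    directory: "/frontend"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10

  # Keep the CI actions themselves pinned to current releases too.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

This file only configures scheduled version updates. Dependabot alerts and the automatic security-update pull requests are enabled separately in the repository's Security settings; keeping routine updates flowing means a security bump is usually a small, low-risk diff when an alert does fire.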
This helps us understand our dependencies. GitHub's dependency graph for the repository is public, so you can quickly inspect the underlying issues yourself. For example, you can clearly see that none of our dependencies include log4j. The graph covers the dependencies GitHub can resolve from our manifest and lock files, so anything installed outside of those files does not appear in it.
Diffgram uses code scanning integrated into our CI process. You can inspect the results on GitHub under the repository's Security tab.
We have enabled secret scanning on the repository, which automatically flags credentials committed in cleartext. Secrets are not kept in the repository; we populate them from a secret store.