Skip to content

Latest commit

 

History

History
25 lines (14 loc) · 904 Bytes

SECURITY.md

File metadata and controls

25 lines (14 loc) · 904 Bytes

Security

Dependencies audit

From time to time it's reasonable to audit dependencies for security issues and fix found issues.

Manual (local)

Use the following command to perform audit check and apply automatic fixes if possible.

yarn audit:fix

Automated (CI)

The dependencies audit procedure should be automated by leveraging tools like Dependabot, or GitHub Actions in conjunction with Snyk and similar tools.

Code scanning

Source code should be regularly checked for vulnerabilities by leveraging GitHub Actions with tools like CodeQL and similar. See more here CodeQL Action

Shell scripts

Always inspect shell scripts before executing it on your machine.