After implementing a patch, we run the library's complete test suite and add new tests to verify that the security risk is mitigated. You can review the patch content and the new tests by visiting our open-source repository.
We manage vulnerability reports through GitHub security advisories. Many vulnerability scanners source their data from GitHub's security advisories.
We are dedicated to maintaining stringent security standards to protect our users. We comply with SOC 2 and ISO 27001 as baseline security measures and implement additional security safeguards. More information about our security initiatives can be found here.
We decide which programming languages and ecosystems to support based on user feedback. We encourage you to contact us at [email protected] to share your needs.
By integrating our solution into their workflows, our users enable us to see which packages are in use. This visibility, combined with monitoring public vulnerability feeds, allows us to know which users are affected and to prioritize remediation efforts accordingly.