Daily tasks:
- Vulnerability scanning by Snyk for validating dependencies
- Dependabot for automatic dependency updates
- Raise a GitHub Issue and tag it as Security.
- Solve found vulnerabilities on a best-effort basis and suppress only confirmed false positives.
- Prefer actively maintained libraries that also update their own dependencies, so vulnerability fixes arrive faster. In other words: avoid "dead" dependencies.
- Merge Dependabot pull requests daily when updates are available.
- Exclude transitive dependencies we don't use that contain vulnerabilities.
We will follow the NAV Security Blueprints for the different communication strategies.
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- https://security.labs.nais.io/
- Security Playbook (coming)
Slack: #sikkerhet #pig_sikkerhet #tokenx