
Security testing

Why

When our application gets deployed through our Continuous Delivery pipeline, we want to know that our code is secure, and does not have vulnerable packages installed, so that we don't get owned.

What

Build continuous security into our delivery pipeline, so that we monitor our applications for defects and known vulnerabilities, constantly!

How

NPM Audit

Our starter kits ship out of the box with security audits performed with npm audit. Running npm audit checks the dependency tree against the registry's advisory database, so we can find and fix known vulnerabilities in dependencies that could cause data loss, service outages, unauthorized access to sensitive information, or other issues.

A failing audit fails the pipeline, so address the findings before pushing any code. To automatically install compatible (non-semver-major) updates for vulnerable dependencies, run npm audit fix. For more information, please refer to the NPM documentation.
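The gating step described above, as an added example that is not part of the starter kits: a small Node script that reads the JSON produced by npm audit --json, fails the build when any finding meets a severity threshold, and separates the findings npm audit fix can patch from those that would need a semver-major upgrade. It assumes the npm 7+ report shape (a top-level vulnerabilities object whose entries carry severity, isDirect and fixAvailable, where fixAvailable is true, false, or an object with isSemVerMajor). The package names and advisories in the embedded sample report are constructed for the demo, not real data.

```javascript
// Added example: a CI gate over `npm audit --json` output (npm 7+ report shape assumed).
// Pipeline usage:  npm audit --json > audit.json || true; node audit-gate.js audit.json
// (npm itself exits non-zero when it finds vulnerabilities, hence the `|| true`
//  so this script, not npm, decides whether the build fails.)

const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Evaluate a parsed audit report against a minimum severity.
// Returns { fail, blocking, autoFixable, needsMajor } for the pipeline to act on.
function evaluateAudit(report, threshold = 'moderate') {
  const minRank = SEVERITY_RANK[threshold];
  if (minRank === undefined) throw new Error(`unknown severity threshold: ${threshold}`);

  const blocking = [];    // findings at or above the threshold
  const autoFixable = []; // `npm audit fix` can resolve these without a major bump
  const needsMajor = [];  // only fixable by a semver-major upgrade (manual decision)

  for (const [name, v] of Object.entries(report.vulnerabilities || {})) {
    const rank = SEVERITY_RANK[v.severity];
    if (rank === undefined || rank < minRank) continue;
    blocking.push({ name, severity: v.severity, direct: Boolean(v.isDirect) });
    if (v.fixAvailable === true) autoFixable.push(name);
    else if (v.fixAvailable && v.fixAvailable.isSemVerMajor) needsMajor.push(name);
  }

  // Most severe first, then alphabetical, so the log is stable and readable.
  blocking.sort((a, b) =>
    SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || a.name.localeCompare(b.name));

  return { fail: blocking.length > 0, blocking, autoFixable, needsMajor };
}

function formatSummary(result, threshold) {
  const lines = [`npm audit gate (threshold: ${threshold}): ${result.fail ? 'FAIL' : 'PASS'}`];
  for (const b of result.blocking) {
    lines.push(`  ${b.severity.padEnd(8)} ${b.name}${b.direct ? ' (direct dependency)' : ''}`);
  }
  if (result.autoFixable.length) lines.push(`  run "npm audit fix" for: ${result.autoFixable.join(', ')}`);
  if (result.needsMajor.length) lines.push(`  semver-major upgrade required for: ${result.needsMajor.join(', ')}`);
  return lines.join('\n');
}

// Constructed sample report shaped like `npm audit --json` from npm 7+ (not real advisories).
const SAMPLE_REPORT = {
  auditReportVersion: 2,
  vulnerabilities: {
    'example-parser': { name: 'example-parser', severity: 'high', isDirect: true,
      range: '<2.0.1', fixAvailable: true },
    'example-logger': { name: 'example-logger', severity: 'critical', isDirect: false,
      range: '<=1.4.0', fixAvailable: { name: 'example-framework', version: '5.0.0', isSemVerMajor: true } },
    'example-utils': { name: 'example-utils', severity: 'low', isDirect: true,
      range: '<0.9.2', fixAvailable: false },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 1, total: 3 } },
};

// Returns the exit code the pipeline should use; with no file argument it runs on the sample.
function main(argv) {
  const file = argv[2];
  const report = file ? JSON.parse(require('node:fs').readFileSync(file, 'utf8')) : SAMPLE_REPORT;
  const threshold = process.env.AUDIT_LEVEL || 'moderate';
  const result = evaluateAudit(report, threshold);
  console.log(formatSummary(result, threshold));
  return result.fail ? 1 : 0;
}

if (typeof require !== 'undefined' && require.main === module) {
  const code = main(process.argv);
  // Only propagate the exit code when gating a real report; the embedded sample is a demo.
  if (process.argv[2]) process.exitCode = code;
}
```

The threshold mirrors npm's own --audit-level flag; keeping the decision in a script lets the pipeline log which findings npm audit fix can clear and which need a deliberate major-version upgrade (npm audit fix --force will apply those, but it can introduce breaking changes, so that step belongs in a reviewed change rather than an automated fix).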

Who

@everyone

References
