Security tooling and processes

This page contains information on tools and processes we run within the Security team.

If you want to document sensitive information, you can either:


SAST scanning

We use a combination of tools within the team to cover a number of different types of vulnerability.

  • We use Checkov to scan our Terraform infrastructure.
  • We use Trivy to scan containers for issues with dependencies.
  • We use SonarCloud to scan our code in sourcegraph/sourcegraph for vulnerabilities