Every code change is peer reviewed by our experienced developers before it is merged to the main branch. This includes a thorough review in terms of security. In addition, existing code and application logic are frequently re-evaluated and discussed. To be able to do this, our developers constantly keep up to date with the latest developments in the Infosec community regarding new vulnerabilities as well as new strategies to attack software. This includes regular informal penetration testing by our developers on our development servers. In addition to manual reviews, all of our code is tested as part of our continuous integration pipelines using multiple static (SAST) application security testing tools. We also use automated tools to test all of our third-party dependencies for known vulnerabilities (Software Composition Analysis). You can find the latest vulnerability report here.