Code Security
Security By Design
Security is a top priority at Scalingo. We follow the principle of “Security By Design”, which means that security is built into the platform from the ground up. This ensures that the platform is secure by default and that security is considered at every stage of the development process.
In detail, this means that we identify security requirements at the beginning of the development process and that we use secure coding practices to ensure that the platform is protected from common security vulnerabilities. We also perform regular security reviews to identify and fix security vulnerabilities before they can be exploited.
Code Review
All code changes are reviewed by our development team to ensure that they do not introduce security vulnerabilities. We use automated tools to scan the code for common security vulnerabilities and we perform manual code reviews to catch any vulnerabilities that the automated tools may have missed.
Secure Development
All code changes are reviewed by our development team to ensure that they do not introduce security vulnerabilities. We use automated tools to scan the code for common security vulnerabilities.
Dependency Management
We regularly update the dependencies used by the platform to ensure that they are up-to-date and that they do not contain any known security vulnerabilities. We use automated tools to scan the dependencies for security vulnerabilities and we update them as soon as a vulnerability is detected.
Vulnerability Management
We have a vulnerability management program in place to detect and respond to security vulnerabilities in the platform. We use automated tools to scan the platform for security vulnerabilities and we have procedures in place to patch the vulnerabilities as soon as they are detected.
Change Management
All changes to the platform are reviewed by our development team to ensure that they do not introduce security vulnerabilities. We use automated tools to scan the changes for security vulnerabilities and we perform manual code reviews to catch any vulnerabilities that the automated tools may have missed. Our change management process includes an analysis of the security impact of the changes prior to the development phase and a security review of the changes prior to the deployment phase.