Information about technical vulnerabilities of information systems in use shall be obtained, the organization's exposure to such vulnerabilities shall be evaluated and appropriate measures shall be taken.
Our self-hosted Harbor container registry includes the Trivy vulnerability scanner, which lets us identify vulnerabilities in our container images and generate a Software Bill of Materials (SBOM) for each image. This gives us comprehensive oversight of our dependencies and their associated risks.
With Trivy integrated into our development workflows, we conduct vulnerability scans during the development phase itself. This means potential security issues are identified and mitigated early in the application lifecycle, reducing the likelihood of vulnerabilities manifesting in production.
We use Renovate Bot to monitor our project dependencies continuously. The bot checks for available updates and automatically opens pull requests for version changes, configured to match our specific needs. This keeps our software up to date with the latest security patches and improvements.
To keep our customers' Linux servers and Kubernetes clusters secure and optimized, we hold regular service windows, almost weekly, during which we roll out the necessary updates and changes from Linuxaid and Kubeaid respectively. This practice not only keeps systems current but also minimizes exposure to known vulnerabilities.