Secure Development

Aside from the Secure Development Principles, we use several tools during development as a gateway before each release and deployment, to reduce risk and avoid common pitfalls.


Standard JavaScript Style

Style                               Status
Standard JavaScript Standard Style  (style status badge)

This module enforces JavaScript development best practices in different ways:

  • Automatically format code: eases code maintenance and prevents messy or inconsistent code.
  • Catch style issues and programmer errors early: saves precious code review time by eliminating back-and-forth between reviewer and contributor, and avoids common style issues that may impact security.

Any alert of any severity breaks our build and deployment process until resolution.

Learn more about Standard JavaScript Style and its Enforced Rules


Security Checks

SalesTim enforces security best practices and proactive vulnerability detection through different automated checks:

Security Check          Status
ESLint Security         (vulnerabilities badge)
NPM Audit               (vulnerabilities badge)
GitHub Security Alerts  (vulnerabilities badge)

ESLint Security

This security plugin helps us identify potential security hotspots during development, take proactive countermeasures and therefore enforce our security best practices.

Any alert of any severity breaks our build and deployment process until resolution.

Learn more about ESLint Security Plugin and its Security Rules

NPM Audit

This tool from Node Package Manager performs a moment-in-time security review of our project's dependency tree and looks for known vulnerabilities.
Audit reports contain information about potential security vulnerabilities in our dependencies and help us fix them by providing recommendations for further troubleshooting.

Any alert of any severity breaks our build and deployment process until resolution.

Learn more about NPM Audit

GitHub Security Alerts

The SalesTim Platform sources and build tools are hosted in a secure GitHub Enterprise environment.
GitHub automatically tracks public vulnerabilities in packages from supported languages on MITRE's Common Vulnerabilities and Exposures (CVE) List, and uses a combination of machine learning and human review to detect vulnerabilities that are not published in the CVE list.
When GitHub discovers or is notified of a new vulnerability, the SalesTim team is notified with a security alert. Each security alert includes a severity level and a link to the affected file in our projects. When available, the alert also includes further details about the vulnerability and a suggested fix.

Any alert of any severity breaks our build and deployment process until resolution.

Learn more about GitHub Security Alerts


Environments Isolation

Protected branches ensure that collaborators on our repository cannot make irrevocable changes to branches. Enabling protected branches also lets us enable other optional checks and requirements, such as required status checks and required reviews.
Branch protection is linked to our automated CI/CD platform on Azure DevOps:

Environment   Branch        CI/CD Status
integration   integration   (Integration branch build badge)
uat           uat           (UAT branch build badge)
production    production    (Production branch build badge)

Last Updated: 6/1/2019, 7:08:08 PM