Signup For Continuous Node Security Monitoring

Adam Baldwin
Published in Node Security
Jun 15, 2016

As of right now you can sign up for our new continuous security monitoring service to help keep known vulnerabilities out of your production code. This release took a lot of work and we hope you enjoy it.

GitHub Pull Request Integration

This service, built upon the existing knowledge and auditing efforts of the Node Security team, allows you to hook up your GitHub repositories for continuous security monitoring of your third-party dependencies. This means they are checked for known security flaws while you stay within the workflow of tools you are already comfortable with.

Summary of current features (which we will be expanding upon)

  • Public / Private GitHub repository support
  • Check for security flaws on pull request
  • Daily checks prevent inactive repositories from being ignored
  • Advisory management UI to acknowledge and ignore advisories that you deem not a threat to your code

To honor our open source roots we’ve made the basic daily security checks and pull request checks free for open source. Additional features and private repositories are currently just $1 / repository (but we give you one of those for free too).

I’d also like to thank some of our early users / friends that provided feedback and encouragement.

  • Wyatt Preul
  • David Dias
  • Alan Shaw / Oli Evans (tableflip.io)
  • Nelson Correia (dwyl.io)
  • Feross Aboukhadijeh

While we have come a long way over the years, we still have a long way to go. Please let others in the community know about nsp and encourage them to adopt it as part of their standard workflow.

❤’s from the Node Security team


Adam Baldwin
Node Security

VP of Security at npm. Previously founded @liftsecurity, Founder @nodesecurity acquired by npm, inc