Hi,
My name is Lucian and I am an SRE Observability Engineer at Mambu GmbH. We are working on a custom solution based on Prometheus, and we have some questions from a security perspective, as follows:

1. How is the Prometheus design performed? Are you considering security requirements in the architecture and design phase of the product and new features?
2. Are you performing code reviews? If yes, are security checks part of it?
3. How are dependencies managed?
3.1 Are you scanning for vulnerable dependencies?
3.2 How are dependencies reviewed before being added to the product, and how are vulnerable or non-maintained dependencies handled?
4. How is the source code checked for vulnerabilities (e.g. static code analysis, penetration tests …)?
5. How is the build process secured?

Thank you.

Regards,
Lucian Iordache
SRE Observability Engineer
Mambu

--
You received this message because you are subscribed to the Google Groups "Prometheus Developers" group.

