Vulnerability Management

What tools do you use for application vulnerability management?

✅ Currently in Use:

| Tool | Purpose |
| --- | --- |
| Cloudflare (WAF) | Blocks SQLi, XSS, DDoS, bot attacks |
| GCP Security Center | Monitors for misconfigurations, IAM violations |
| GKE (Kubernetes) | Isolated container environments, no public internal IPs |
| Atatus | Application monitoring, alerting, runtime issue tracking |

🔧 In Progress / Planned:

| Tool | Purpose |
| --- | --- |
| Snyk / Trivy | Scan open-source dependencies for known CVEs (SCA) |
| Semgrep | Scan source code for injection flaws, insecure patterns (SAST) |
| Gitleaks / TruffleHog | Detect hardcoded secrets/tokens in Git history |