Vulnerability Management Tool

We host our infrastructure on Google Cloud Platform (GCP) and run our application on Kubernetes. Our network is protected by Cloudflare, which provides WAF, HTTPS enforcement, DDoS protection, rate limiting, and other critical security controls at the edge.

For vulnerability management, we currently address the most critical and basic risks as follows:

  • Cloudflare handles edge-layer protections including HTTPS enforcement, TLS configuration, bot mitigation, and web application firewall (WAF) rules.

  • GCP provides infrastructure security baselines, IAM management, and firewall configuration. We rely on default secure configurations and restrict public access to our cloud services.

  • We are evaluating the use of the following tools to improve host- and container-level vulnerability management:

    • Google Cloud Security Command Center (SCC) — for infrastructure and misconfiguration alerts

    • Trivy — for container image and Kubernetes node vulnerability scanning

    • kube-bench — to ensure our Kubernetes cluster complies with CIS security benchmarks

    • Nmap — for periodic public port and network surface scans

  • For dependency security and static analysis, we are exploring Snyk and GitHub Dependabot to scan for known vulnerabilities in open-source packages.