Dgraph Labs' Journey to Continuous Security Audits: 2000+ Security Issues Resolved

2025-05-13

Dgraph Labs implemented a continuous security audit system using GitHub Actions and various toolsets, resolving over 2000 security issues in just three months and significantly improving SOC2 compliance. The system covers code, binary artifacts, and Docker images, using Trivy and Snyk for scanning and GitHub's security tab for issue tracking and remediation. Linters are used for static code analysis and Dependabot for automated fixes. The result was significantly improved visibility into security issues and faster resolution of them, setting an example for continuous security improvement.