How do you do compliance checks?

Context

I am taking over a project in Health Tech with some already established infrastructure. I will be leading the tech office and the first thing I want to do is to make sure we are compliant with a lot of requirements.

Question

I wanted to stay current and see if anyone here is as crazy as me to do compliance/security checks for gems and dependencies running over users' data.

We use gemsurance and bundle-audit to check that we are up to date on gem versions and report any CVEs.

2 Likes

Twistlock is also pretty good for ticking some of those boxes.

1 Like

We run bundler audit and brakeman for all apps.

1 Like
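Both the bundle-audit reply and the brakeman reply above describe running the tools; what neither shows is how to turn their output into a pass/fail decision in CI. The script below is an added example, not code from this thread or from either project: it reads the JSON reports that `bundle-audit check --format json` and `brakeman -f json` write, applies a threshold (advisory criticality for unpatched gems, warning confidence for brakeman), and returns whether the build should fail. The report field names (`results`, `type`, `advisory.criticality`, `warnings`, `confidence`, `ignored_warnings`) are what I believe those tools emit as of bundler-audit 0.9 and brakeman 5; treat them as an assumption and confirm against your installed versions. The sample reports embedded below are constructed, with placeholder advisory ids.

```ruby
# Added example: CI gate over bundle-audit and brakeman JSON reports.
# Report shapes are assumed (bundler-audit 0.9 / brakeman 5); verify locally.
require 'json'

# bundler-audit's advisory "criticality" values, lowest to highest (assumed).
CRITICALITY = %w[none low medium high critical].freeze
# brakeman's warning "confidence" values, lowest to highest.
CONFIDENCE = %w[Weak Medium High].freeze

# Unpatched gems from a bundle-audit JSON report whose advisory criticality
# is at or above +min+. An advisory with no recognised criticality is treated
# as "high" so that a missing score never hides a finding.
def unpatched_gems(report_json, min: 'medium')
  report = JSON.parse(report_json)
  floor = CRITICALITY.index(min)
  report.fetch('results', []).select { |r| r['type'] == 'unpatched_gem' }.map do |r|
    adv = r['advisory']
    level = CRITICALITY.index(adv['criticality'].to_s) || CRITICALITY.index('high')
    next if level < floor
    { gem: r['gem']['name'], version: r['gem']['version'], id: adv['id'],
      criticality: CRITICALITY[level], patched: adv['patched_versions'] }
  end.compact
end

# Brakeman warnings at or above +min+ confidence. Warnings already triaged
# into brakeman.ignore arrive under "ignored_warnings" and are not counted;
# an unknown confidence string is counted so it cannot slip through.
def brakeman_findings(report_json, min: 'Medium')
  report = JSON.parse(report_json)
  floor = CONFIDENCE.index(min)
  report.fetch('warnings', []).select do |w|
    (CONFIDENCE.index(w['confidence']) || CONFIDENCE.size) >= floor
  end.map do |w|
    { type: w['warning_type'], file: w['file'], line: w['line'], confidence: w['confidence'] }
  end
end

# True when either report contains something above threshold.
def build_should_fail?(audit_json, brakeman_json)
  !unpatched_gems(audit_json).empty? || !brakeman_findings(brakeman_json).empty?
end

# Constructed sample reports (not real tool output; ids are placeholders).
AUDIT_SAMPLE = <<~JSON
  {"version": "0.9.1", "results": [
    {"type": "insecure_source", "source": "http://example.invalid/"},
    {"type": "unpatched_gem", "gem": {"name": "rack", "version": "0.0.1"},
     "advisory": {"id": "CVE-XXXX-XXXXX", "criticality": "high",
                  "patched_versions": [">= 0.0.2"]}},
    {"type": "unpatched_gem", "gem": {"name": "nokogiri", "version": "0.0.1"},
     "advisory": {"id": "GHSA-xxxx-xxxx-xxxx", "criticality": "low",
                  "patched_versions": [">= 0.0.2"]}}
  ]}
JSON

BRAKEMAN_SAMPLE = <<~JSON
  {"warnings": [
    {"warning_type": "SQL Injection", "file": "app/models/patient.rb",
     "line": 12, "confidence": "High"},
    {"warning_type": "Mass Assignment", "file": "app/controllers/records_controller.rb",
     "line": 40, "confidence": "Weak"}
  ],
   "ignored_warnings": [
    {"warning_type": "Cross-Site Scripting", "file": "app/views/x.erb",
     "line": 3, "confidence": "High"}
  ]}
JSON

puts 'Unpatched gems (>= medium):'
unpatched_gems(AUDIT_SAMPLE).each { |g| puts "  #{g[:gem]} #{g[:version]} #{g[:id]} (#{g[:criticality]}) fix: #{g[:patched].join(', ')}" }
puts 'Brakeman findings (>= Medium):'
brakeman_findings(BRAKEMAN_SAMPLE).each { |f| puts "  #{f[:type]} #{f[:file]}:#{f[:line]} (#{f[:confidence]})" }
puts "Build should fail: #{build_should_fail?(AUDIT_SAMPLE, BRAKEMAN_SAMPLE)}"
```

In a pipeline you would replace the two constants with `File.read` of the reports the tools wrote (`bundle-audit check --update --format json --output audit.json` and `brakeman -f json -o brakeman.json`) and finish with `exit 1 if build_should_fail?(...)`. Keeping thresholds explicit in the gate, rather than in each developer's head, is what makes the check auditable later when someone asks why a given advisory was allowed through.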