Secure coding practices for external packages


Unsafe coding practices can expose your application to the theft of sensitive data. In this document, we recommend coding practices for developing your app to ensure its security.

How to add a new external package to your project

Before adding a new external package to your project, make sure to comply with the following security recommendations:

Regularly check security

  1. Check that the package has no known security vulnerabilities.
  2. To regularly check all packages, add an automated SAST and SCA (software composition analysis) tool to your CI/CD pipeline.

Perform regular compliance checks

Every package comes with a license. Do the following:

  1. Check with your legal team that you can use the package under its license.
  2. To regularly check all packages, add an automated license compliance tool to your CI/CD pipeline.

We recommend Snyk for all the listed recommendations. However, you are free to use any other tool.
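One way to wire both checks into CI/CD as recommended above, as an added example that is not part of the original document: a GitHub Actions workflow for a Node.js project using the Snyk CLI. The project type, workflow name and the `SNYK_TOKEN` secret name are assumptions; `snyk test` reports license violations in the same run only when a license policy is configured in the Snyk organization settings.

```yaml
# Added example (not from the original page): dependency security gate for a
# Node.js project, assumed layout. Runs on every change and on a weekly schedule,
# because advisories are published for packages that were clean when merged.
name: dependency-security-gate

on:
  pull_request:
  push:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"   # every Monday 06:00 UTC: re-check unchanged lockfiles

jobs:
  sca-and-sast:
    runs-on: ubuntu-latest
    env:
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}   # assumed repository secret
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # Install exactly what the lockfile pins, so the scan matches what ships.
      - run: npm ci

      - run: npm install -g snyk

      # SCA: fails the job on known vulnerabilities of high or critical severity
      # in the dependency tree, and on license policy violations when an
      # organization license policy is configured in Snyk.
      - name: Check dependencies for vulnerabilities and license issues
        run: snyk test --severity-threshold=high

      # SAST: scans the project's own source code.
      - name: Static analysis of application code
        run: snyk code test --severity-threshold=high

      # Snapshot the dependency tree so Snyk keeps alerting between CI runs.
      - name: Record dependency tree for continuous monitoring
        if: github.ref == 'refs/heads/main'
        run: snyk monitor
```

Lower the `--severity-threshold` (or drop it) once the existing backlog is cleared, so medium and low findings also block merges.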