-
We use Sonatype Nexus Repo to manage open source dependencies and artifacts
-
Use Nexus Firewall and Lifecycle to detect and block components which have vulnerabilities
-
Automatic scan project to detect potential security issues
-
Use code analysis tools to scan and fix potential issues
-
Pair programming to write better code
-
Code review against security check list
-
Try to reproduce and investigate issue as quick as possible while minimizing the impact