• We use Sonatype Nexus Repository to manage open source dependencies and artifacts

• Use Nexus Firewall and Nexus Lifecycle to detect and block components that have known vulnerabilities

• Automatically scan projects to detect potential security issues

• Use code analysis tools to scan for and fix potential issues

• Pair programming to write better code

• Code review against a security checklist

• Try to reproduce and investigate issues as quickly as possible while minimizing the impact