Tools and Services
Integrated Development Environment (IDE)
| Provider | Description | Terms Of Use |
|---|---|---|
| Visual Studio | IDE for C# built by Microsoft | Notes |
| Visual Studio Code | IDE for JS and C# built by Microsoft | Notes |
IDE Extensions
Visual Studio Code
| Provider | Description | Terms Of Use |
|---|---|---|
| ESLint | Find and fix problems in your JavaScript code. ESLint statically analyzes your code to quickly find problems. It is built into most text editors and you can run ESLint as part of your continuous integration pipeline. | Notes |
| Prettier | An opinionated code formatter. | Notes |
| EditorConfig | EditorConfig helps maintain consistent coding styles for multiple developers working on the same project across various editors and IDEs. | Notes |
Web Browsers
| Provider | Description | Terms Of Use |
|---|---|---|
| Microsoft Edge | Browser built by Microsoft | Notes |
| Google Chrome | Browser built by Google | Notes |
Build Automation
| Provider | Description | Terms Of Use |
|---|---|---|
| Cake | Build system for DotNet | Notes |
| Vite | Next Generation Frontend Tooling | Notes |
Dependencies
The SBOM for each application can be found for each repository in GitHub under Insights -> Dependency graph. An aggregated view is available on organization level.
- Read more about Dependency graph
- Read more about Dependency insights
Vetting Tools for Dependencies
GitHub Advanced Security is used to automatically detect, monitor, and vet dependencies in all repositories. The dependency graph and Dependabot features identifies outdated or vulnerable packages and keep our software supply chain secure. All project dependencies are regularly reviewed and updated based on alerts and recommendations from GitHub Advanced Security.
The security findings for each application can be found for each repository in GitHub under Security -> Dependabot. An aggregated view is available on organization level.
Vulnerability Management
GitHub Advanced Security is used for continuous vulnerability management. It provides automated alerts for vulnerable dependencies, code scanning for security issues, and secret scanning to prevent accidental exposure. Dependabot automatically creates pull requests to remediate vulnerabilities, ensuring prompt response and mitigation. All repositories are required to have these features enabled and monitored. This is ensured using global rules forced to all existing repositories and all newly created repositories in the organization.
The security findings for each application can be found for each repository in GitHub under Security -> Code scanning. An aggregated view is available on organization level.
Security Tools
| Provider | Description | Terms Of Use |
|---|---|---|
| GitHub Advanced Security | - Automated dependency vetting and vulnerability alerts (DependaBot ) - Code scanning for security issues (CodeQL ) - Secret scanning for exposed credentials | Notes |
Service
| Provider | Purpose | Terms Of Use |
|---|---|---|
| Auth0 | Identity proxy for logins | Notes |
| Azure | Cloud provider for compute and data storage | Notes |
| JIRA | Issue tracking | Notes |
| GitHub | Source Control | Notes |
| Slack | Notification platform | Notes |