Skip to Content
GuidelinesTools and services to use

Tools and Services

Integrated Development Environment (IDE)

ProviderDescriptionTerms Of Use
Visual Studio IDE for C# built by MicrosoftNotes 
Visual Studio Code IDE for JS and C# built by MicrosoftNotes 

IDE Extensions

Visual Studio Code

ProviderDescriptionTerms Of Use
ESLint Find and fix problems in your JavaScript code. ESLint statically analyzes your code to quickly find problems. It is built into most text editors and you can run ESLint as part of your continuous integration pipeline.Notes 
Prettier An opinionated code formatter.Notes 
EditorConfig EditorConfig helps maintain consistent coding styles for multiple developers working on the same project across various editors and IDEs.Notes 

Web Browsers

ProviderDescriptionTerms Of Use
Microsoft Edge Browser built by MicrosoftNotes 
Google Chrome Browser built by GoogleNotes 

Build Automation

ProviderDescriptionTerms Of Use
Cake Build system for DotNetNotes 
Vite Next Generation Frontend ToolingNotes 

Dependencies

The SBOM for each application can be found for each repository in GitHub under Insights -> Dependency graph. An aggregated view is available on organization level.

Vetting Tools for Dependencies

GitHub Advanced Security is used to automatically detect, monitor, and vet dependencies in all repositories. The dependency graph and Dependabot features identifies outdated or vulnerable packages and keep our software supply chain secure. All project dependencies are regularly reviewed and updated based on alerts and recommendations from GitHub Advanced Security.

The security findings for each application can be found for each repository in GitHub under Security -> Dependabot. An aggregated view is available on organization level.

Vulnerability Management

GitHub Advanced Security is used for continuous vulnerability management. It provides automated alerts for vulnerable dependencies, code scanning for security issues, and secret scanning to prevent accidental exposure. Dependabot automatically creates pull requests to remediate vulnerabilities, ensuring prompt response and mitigation. All repositories are required to have these features enabled and monitored. This is ensured using global rules forced to all existing repositories and all newly created repositories in the organization.

The security findings for each application can be found for each repository in GitHub under Security -> Code scanning. An aggregated view is available on organization level.

Security Tools

ProviderDescriptionTerms Of Use
GitHub Advanced Security - Automated dependency vetting and vulnerability alerts (DependaBot  )
- Code scanning for security issues (CodeQL )
- Secret scanning for exposed credentials
Notes 

Service

ProviderPurposeTerms Of Use
Auth0 Identity proxy for loginsNotes 
Azure Cloud provider for compute and data storageNotes 
JIRA Issue trackingNotes 
GitHub Source ControlNotes 
Slack Notification platformNotes 
Last updated on