Skip to main content

Live security posture

Security status

Every security control we operate, scanned or probed continuously, with the latest result. No marketing claims — just data. A tile is green when the control is healthy, amber when it needs attention, red when action is required, and grey when we are awaiting the next run.

22
Healthy
0
Attention
0
Action required
11
Awaiting first run

Code & supply chain

Source-code analysis, dependency vulnerabilities, secret detection.

Static code analysis

0 critical · 0 high · 0 medium

2 days ago

Static code analysis (complementary)

0 error · 0 warning

1 day ago

Static code analysis (project rules)

0 error · 0 warning

1 day ago

Dependency vulnerabilities

0 critical · 0 high · 0 moderate · 0 low

1 day ago

Known-vulnerable libraries

0 known-vulnerable libraries

1 day ago

Dependency advisories

0 open advisories

3 hours ago

Supply-chain integrity

0 vulnerabilities

1 day ago

Secret leak detection

0 leaked secrets in history

1 day ago

Filesystem & misconfiguration scan

scan output missing

1 day ago

Infrastructure-as-code scan

0 failed · 3263 passed

1 day ago

GitHub Actions security audit

scan output missing

1 day ago

Web application

Active scans against the running site for known classes of vulnerability.

Web application baseline scan

scan output missing

1 day ago

Known-CVE web scan

0 critical · 0 high · 0 medium · 0 low

2 days ago

Lighthouse + accessibility

0 open issues

1 day ago

API & authentication

Continuous tests of authentication, authorization, and webhook integrity.

API security test suite

all security tests passed (1 non-security failure)

11 min ago

Webhook signature failures (rolling 24h)

0 webhook events processed (24h)

39 min ago

Rate-limit pressure (rolling 24h)

aggregator not yet implemented

39 min ago

Network & TLS

Transport security, certificate health, exposed surface area.

TLS / SSL grade

grade A+

39 min ago

HSTS preload status

preloaded

39 min ago

Certificate transparency

probe failed

39 min ago

DNS & email integrity

Domain configuration, anti-spoofing, certificate transparency.

Email anti-spoofing (SPF / DKIM / DMARC)

SPF + DMARC at 'reject'

39 min ago

Certificate Authority Authorization

13 CAA records

39 min ago

Browser security

Response headers + Content Security Policy as observed by an external probe.

OWASP secure headers

12/17 passed · 0 actionable · 5 excluded

1 day ago

Mozilla Observatory grade

grade B+ · 1 excluded

39 min ago

Content Security Policy enforcement

CSP enforced

39 min ago

Threat intelligence

Breach databases, attack-surface drift, suspicious traffic patterns.

Credential leak monitoring

no admin emails in known breaches

39 min ago

Subdomain inventory drift

crt.sh unavailable

6 days ago

Honeypot detections (rolling 24h)

aggregator not yet implemented

39 min ago

WAF rule trigger volume

aggregator not yet implemented

39 min ago

Audits & exercises

Independent assessments and internal drill cadence.

Last independent penetration test

no pen test recorded

2 days ago

Last disaster-recovery drill

DR drill 26d old

2 days ago

Last incident-response tabletop

tabletop 13d old

2 days ago

Open security findings

0 open security findings

2 days ago

How this page works

Tiles are powered by automated scanners (run on schedule), live external probes (run hourly), and manually-recorded artefacts (audits, drills, tabletops). A tile flips to grey if its expected cadence elapses without a fresh result — "we don't know" is more honest than a stale green dot.

Procurement teams: this page reflects current state. For the underlying policies, sub-processor list, and signed documentation, /security and our CAIQ-aligned questionnaire.