DIGI Dev Security Best Practices

3.3 Secure Code Practices

  • Static & Dynamic Scanning: Use SAST/DAST tools (e.g., SonarQube, OWASP ZAP) to detect code vulnerabilities.

  • Dependency Updates: Keep third-party libraries current; track vulnerabilities with Dependabot, Snyk, Renovate, etc.

  • API Rate Limiting: Limit requests per time unit per client to prevent abuse or accidental overuse.

  • Secure Coding Guidelines: Adhere to OWASP or other established best practices. (Optional additional item)

1.2 Docker Security Best Practices

  • Run Containers as Non-Root: Drop privileges in the container where possible.

  • Use Official or Trusted Base Images: Keep images patched and regularly updated.

  • Minimize Attack Surface: Use multi-stage builds and minimal base images (e.g., Alpine, Distroless).

  • Vulnerability Scanning: Use container scanning tools (e.g., Trivy, Clair) to detect known vulnerabilities. (Optional additional item)
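The following Dockerfile is an added illustration of the first three Docker items above (multi-stage build, minimal trusted base image, non-root runtime); it is not part of the DIGI guidelines. It assumes a hypothetical Go service whose entry point lives at ./cmd/app and uses Google's distroless static image, which ships a predefined `nonroot` user.

```dockerfile
# Stage 1: build with the full Go toolchain. Nothing from this stage
# except the compiled binary reaches the final image, so the compiler,
# shell, package manager and source tree are not part of the attack surface.
FROM golang:1.22-alpine AS build
WORKDIR /src

# Copy dependency manifests first so the module download layer is cached
# and dependency changes are visible in review (see Dependency Updates).
COPY go.mod go.sum ./
RUN go mod download

COPY . .
# CGO_ENABLED=0 produces a fully static binary that needs no libc in the
# runtime image; -s -w strips symbol/debug info to shrink the artifact.
# ./cmd/app is an assumed path for this example.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage 2: minimal runtime image. distroless/static contains only CA
# certificates, tzdata and a passwd file: no shell, no package manager.
# The :nonroot tag sets the default user to uid/gid 65532.
FROM gcr.io/distroless/static-debian12:nonroot

# Copy only the binary out of the build stage.
COPY --from=build /out/app /app

# Drop privileges explicitly so the intent survives even if the base tag
# is later changed to one whose default user is root.
USER nonroot:nonroot

EXPOSE 8080
ENTRYPOINT ["/app"]
```

After building, `docker run --rm --entrypoint /app <image>` is the only way in, since there is no shell to `exec` into; scan the result with a tool such as Trivy (`trivy image <image>`) to cover the fourth item in the list.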