Issue
Does Sentry regularly scan for vulnerabilities? What tools are used and what is the cadence?
Applies To
- All SaaS Customers
- Security & Compliance
Resolution
Yes, we regularly scan for vulnerabilities in our product.
The tools we use and their cadence:
- CodeQL / Dependabot for code vulnerabilities. Cadence: every pull request
- Fleetdm / GCP tools for infrastructure scanning. Cadence: at least daily
- Tenable for network vulnerability scanning. Cadence: at least daily