CommonGage Security Audits
CommonGage conducts regular internal security reviews of its codebase, dependencies, secrets management, and tenant data isolation.
Audit Practice
Reviews cover:
- Codebase and dependency audits
- Secrets management practices
- Row-level security (RLS) and tenant isolation verification
- Cloudflare configuration (CORS, routing, worker bindings)
- Git history scanning for accidentally committed credentials
Current Status (as of 2026-06-29)
- 0 critical, 0 high severity vulnerabilities in production runtime dependencies
- All findings from the most recent internal audit have been resolved
- No secrets have ever been committed to source control (only placeholder/template values appear in git history)
- Tenant data isolation is enforced at the database level via PostgreSQL Row-Level Security, verified with integration testing
For questions about our security practices, contact [email protected].