Code Quality and Security Scanning
We use SonarQube to analyze our code quality and code security. This allows us to catch issues very early in the development process, before we get to formal code reviews and user acceptance testing (UAT). This ensures that by the time we are ready for a release, our code is as robust as possible. We test against all currently supported Office versions before every release.
Various services of ours use open source libraries, which are reviewed regularly. In addition to the scanning of our code, we rely on Mergebase and Github's Dependabot service to double check that we do not use any dependencies that have known vulnerabilities.