Skip to main content

CommonGage Security Audits

CommonGage conducts regular internal security reviews of its codebase, dependencies, secrets management, and tenant data isolation.

Audit Practice

Reviews cover:

  • Codebase and dependency audits
  • Secrets management practices
  • Row-level security (RLS) and tenant isolation verification
  • Cloudflare configuration (CORS, routing, worker bindings)
  • Git history scanning for accidentally committed credentials

Current Status (as of 2026-06-29)

  • 0 critical, 0 high severity vulnerabilities in production runtime dependencies
  • All findings from the most recent internal audit have been resolved
  • No secrets have ever been committed to source control (only placeholder/template values appear in git history)
  • Tenant data isolation is enforced at the database level via PostgreSQL Row-Level Security, verified with integration testing

For questions about our security practices, contact hello@commongage.com.