...
- Participation to Atlassian's bug bounty program, vulnerabilities reported by Atlassian themselves, and obviously we'll also listen to vulnerabilities reported by external people,
- Regular pentests (once Once a year - Please check out our last pentest),
- NPM's automatic tool (npm audit),
- Maven's automatic tool (Maven Dependency Check, which uses the NIST / OWASP database and also detects NPM-related vulnerabilities).
...