Back to Compliance PortalCompliance document
Secure Development Practices Summary
Summary of VerbalCheck development, validation, dependency, and deployment security practices.
Audience
IT security teams, procurement reviewers, and technical stakeholders
Development practices
- Use version control for application changes.
- Validate TypeScript and production builds before release.
- Use targeted automated tests for security-sensitive behavior where available.
- Keep security-related changes narrowly scoped and reviewable.
Deployment validation
- Use preview-first validation for significant production changes.
- Run smoke checks across student, instructor, admin, and LMS-connected workflows after relevant releases.
- Disable debug and setup endpoints in production unless explicitly required and protected.
Dependency and secret practices
- Use dependency audit, secret scanning, and SAST tooling as part of the security workflow.
- Store production secrets in provider-managed environment variables.
- Rotate high-value credentials when exposure or configuration risk is identified.