Security of your Common Ground component hinges on a few factors and is, in fact, for the most part provided by the Common Ground ecosystem. But there are definitely some steps that you should undertake yourself. We will, however, first briefly explain the security principles set in place so that you understand how you are being supported and what the limitations of that support are.
First off, the code base: if you are extending the Common Ground proto-component, your code base will consist of three parts.
- The general API-Platform framework and vendor libraries
- The common ground specific extensions
- Your personal code
For the first two parts there is very little to worry about; Symfony has an excellent safety reputation.
What you should, however, definitely do:
- Follow the steps to regularly merge updates from the Common Ground proto repository into your codebase
- Use the provided Travis CI scripting