The idea of having an audit process - manual automated or augmented via tools like Dependabot and setting up automating policies or scanning via
sounds like something to do – and to that end since there is a meetup this Friday, let’s open it up for discussion and see if anyone from the community wants to take the lead on what the next steps should be.