De Snyk and refer to Dependabot/npm audit only (#123)

paulsimonandrews · web-flow · commit 6943414cc455 · 2026-04-14T15:06:55.000+01:00
https://eaflood.atlassian.net/browse/PDEV-279
diff --git a/docs/guides/continuous_integration.md b/docs/guides/continuous_integration.md
@@ -28,7 +28,7 @@ There are lots of other tools which can integrate with GitHub, especially if you
 
 These tools check the security of your project. This can include reporting vulnerabilities in your dependencies, or doing static analysis on your code.
 
-- Use [Snyk](https://snyk.io/) for Node.js projects
+- Use [Dependabot](https://docs.github.com/en/code-security/tutorials/secure-your-dependencies/dependabot-quickstart-guide) and/or [npm audit](https://docs.npmjs.com/cli/v9/commands/npm-audit) for Node.js projects
 - Use [Hakiri](https://hakiri.io/) for Ruby projects
 
 These tools are free to use for open source GitHub repositories.
diff --git a/docs/guides/opening_private_code.md b/docs/guides/opening_private_code.md
@@ -10,7 +10,7 @@ However, you may sometimes inherit code that is not open - these steps are inten
 
 - Check for sensitive information: ensure there are no credentials, API keys, or sensitive data in your code. Tools such as gitLeaks can be used for this purpose. You must check your entire commit history, not just the latest code.
 
-- Security flaws: identify and fix any security vulnerabilities. You should analyse your code using SonarQube Cloud to identify security issues in the code and use a tool such as Snyk to check your dependencies for known vulnerabilities.
+- Security flaws: identify and fix any security vulnerabilities. You should analyse your code using SonarQube Cloud to identify security issues in the code and use a tool such as Dependabot or npm audit to check your dependencies for known vulnerabilities.
 
 ## Documentation
 
diff --git a/docs/standards/node_standards.md b/docs/standards/node_standards.md
@@ -18,7 +18,7 @@
 ### Package Management
 - Use NPM.
 - Use a package.json and package-lock.json for repeatable builds.
-- Use an automated checker such as Snyk or Dependabot to ensure that your dependencies are up to date with the
+- Use an automated checker such as Dependabot or npm audit to ensure that your dependencies are up to date with the
   latest patches.
 - Separate dependencies and dev dependencies.
 - Update your version number inline with the [semantic versioning standard](https://semver.org/).
