Weblate 开发坚持`Linux 基金会核心基础架构计划的最佳实践。<https://bestpractices.coreinfrastructure.org/projects/552>`_。
Tracking dependencies for vulnerabilities¶
There might be vulnerabilities in third-party libraries which do not affect Weblate, so those are not addressed by releasing bugfix versions of Weblate.
This allows us to detect vulnerabilities early and release improvements quickly.
You can get the results of these scans at GitHub — they are stored as artifacts on our CI in the SARIF format (Static Analysis Results Interchange Format).