📝 We compile all issues we find into a preliminary report and share it with you. It will describe each identified issue and suggest potential methods for fixing them. It will also include a link to a Notion document where you will respond to each issue.
🤔 Your team will then review the preliminary report and decide how you want to address each issue. You’ll complete any fixes in a separate branch of your repo that only contains code addressing the issues we found.
<aside> ℹ️ See Completing Your Fixes for more information.
</aside>
<aside> 📌 Whenever possible, please complete your fixes within 2 weeks after we deliver the preliminary report. For more information, see What happens if we can’t complete all fixes within 2 weeks of receiving the preliminary report?
</aside>
🔬 We'll perform a final review of your fixes to verify that they adequately address each issue without introducing new ones.
<aside> 📌 Our pricing includes up to 1 day of fixes review for each week spent on an audit. For example, if the audit is two weeks long, we'll spend up to 2 days reviewing your fixes for free. Audits lasting less than one week will include 0.5 days of fixes review. We will preemptively inform you if more time is needed and will bill at the same prorated daily rate we charged for the audit.
</aside>
<aside> ℹ️ Rarely, more time may be needed to review your fixes if they introduce substantial changes and it becomes hard to maintain confidence in security without doing a deeper review.
</aside>
📑 We'll then generate a private version of the final report and share it with you. You can choose to keep the report private or ask us to make it public.
<aside> ℹ️ You can see some of our final reports here to see what they include.
</aside>
💲 Lastly**, we’ll issue the final invoice with the remaining balance due for the audit**.