What is a Technical Audit and what does it cover?

If you went through the sales process, you likely saw a line item called "Technical Audit". This item includes the following actions and benefits for you as the Strapi customer.

Technical Kick-off call

Our team of Solutions Engineers will hold a technical kick-off call with your team. During this call, we will gather some information about your technical stack, review the information with you, and provide some guidance on various subjects:

  • Please provide detailed information about your infrastructure and hosting provider. It is highly appreciated if you are able to share any infrastructure diagrams.
    • Specifically, we are happy to help validate the whole infrastructure stack, from your DNS all the way down to your database, touching on things like load balancers (edge network and database), Strapi backend/frontend hosting methods, file providers, SSO, and 3rd party authentication.
  • Covering any best practice recommendations for hosting, traffic shaping, load balancing, fault tolerance, backup/restore methodologies, SDKs, and many other topics
  • Answering any technical questions or concerns your team might have or have run into during your trial period
  • Covering some content modeling best practices depending on your use case, such as when best to use relations vs components, common naming systems, and the three built-in authentication/roles systems
  • Helping you to bypass any initial blockers on getting your application into production within your time frame

Project Code Audit

After the technical kick-off call, we are happy to take a look at your existing codebase and provide any best practice recommendations to prevent problems in the immediate future or in the long term as your project evolves.

If your company requires us to sign an NDA, we are happy to do so. Please work with your technical contact after the technical kick-off call to send us your NDA and we will get that back to you ASAP.

Once the NDA is signed (if required), we will work with you to get temporary access to your Strapi source code. All of our Solutions Engineers are familiar with GitHub, GitLab, and Bitbucket and can provide some contact information for you to share your code directly with us. Alternatively, you can simply provide us with a .zip or .tar.gz export from your source control system.

We will never ask you for a database export unless you have sanitized any personal or private information such as user account information or any information that requires special care such as PHI (protected health information) or PII (personally identifiable information).

Specifically, what we look at includes, but is not limited to, the following:

  • Configuration files and their structure, largely validating environment-based configuration and database pooling configurations
  • Application structure
  • Automation and CI/CD configurations (especially production and development Docker configuration)
  • Security audit of your additional dependencies
  • Content modeling structure (largely identifying potential performance problems)
  • Custom code validation (we certainly will try our best here, but cannot guarantee it, as everyone has different coding styles)
  • Community or 3rd party plugin validation (also included as part of the security audit)

If you have anything additional or specific you would like us to focus on, please inform us before the audit starts. Most audits may take a few days for us to process, and the actual audit time may take a few hours, excluding any time for us to pull specific research materials as references for you.


Derrick is the author of this solution article.
