In addition to the services that GitHub and SonarCloud provide, the OpenNMS community also reports on vulnerabilities. With thousands of users and companies running the software, many in DoD, we have a lot of eyes and vulnerability scans on the software.