# Platform Quality and Security Workstream
The PQS workstream is dedicated to the assessment, maintenance and enhancements to security and quality of the Mojaloop platform, encompassing connectivity to participating DFSPs (including transactions) and the security of hub operator portals, and of the Mojaloop Open source codebase and related artefacts.
# Business Justification
This ensures the Mojaloop platform quality & security is maintained; vulnerability management is done and mitigations planned. Working with adopters, community members to improve security and quality incrementally. Provide features to support compliance and address gaps.
# Contributors
| Workstream Lead | Contributors |
|---|---|
| Sam Kummary | Juan Correa Devarsh Shah Shuchita Prakash Shashi Hirugade |
# Latest Update (Summary)
The Platform Quality and Security workstream has maintained its focus on vulnerability management, CI/CD upgrades, and software integrity assurance. Mojaloop v17.1.0 was released with zero known vulnerabilities, and the team resolved high-profile issues such as the Axios vulnerability across libraries and services. All Helm charts now support digital provenance, and a comprehensive Software Bill of Materials (SBOM) is included in release metadata. CI pipelines are being modernised, and the team resumed efforts toward the OpenSSF/FLOSS self-assessment badge. Some objectives, including finance portal refactoring and integration of GitHub’s new code quality tools, remain active backlog items.
# Applicability
This version of this document relates to Mojaloop Version 17.1.0 (opens new window)
# Document History
| Version | Date | Author | Detail |
|---|---|---|---|
| 1.0 | 25th November 2025 | Paul Makin | Initial version |