Weekly security digest
The weekly digest is an opt-in transactional email for org admins. One email per Monday, per subscriber, summarising the past week’s security posture and pointing at the day’s fix list.
What’s in it
Open findings
Critical: 4
High: 12
Resolved in the last 7d: 8
Past SLA: 1
Top 5 fixable today (EPSS-weighted)
acme/api: lodash 4.17.20 → 4.17.21 (critical, EPSS 23.4%)
acme/web: postcss 8.4.18 → 8.4.31 (high, EPSS 12.1%)
...
Open the full dashboard: https://frem.sh/acme/_admin/code-security
Subjects are tuned for the inbox: "[fremforge] Weekly security digest — 4 critical, 12 high open". If you see “0 critical, 0 high open” every week, you can unsubscribe without missing anything.
Subscribing
The subscription UI ships on /<org>/_admin/security in the next release; until then operators can seed initial subscriptions on request. One row per (tenant, recipient_email) — multiple admins per org can subscribe independently.
Cadence
- Weekly — default. Email lands Monday 07:00 in the org’s billing timezone.
- Daily — premium tier (enterprise plans). Useful during compliance evidence collection windows when MTTR matters.
A finding’s age, severity, EPSS score, and fix-availability are all snapshotted at compose time. The same finding can appear in multiple weeks if it stays open — that’s deliberate; the goal of the email is “this hasn’t been fixed yet”, not a one-shot alert.
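The compose-time snapshot described above, as an added sketch that is not fremforge's own code: the `Finding` fields, `compose_digest` and the sample findings are assumptions, and "EPSS-weighted" is taken here to mean fixable open findings sorted by EPSS score, highest first.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Finding:  # hypothetical record shape, not the product's schema
    repo: str
    package: str
    installed: str
    fixed_in: Optional[str]   # None means no fixed version is available yet
    severity: str
    epss: float               # exploit probability, 0..1
    sla_due: datetime
    resolved_at: Optional[datetime] = None

def compose_digest(findings, now, top_n=5):
    """Build one digest from the state of `findings` as of `now` (compose time)."""
    week_ago = now - timedelta(days=7)
    # Open as of the snapshot: unresolved, or resolved only after compose time.
    open_ = [f for f in findings if f.resolved_at is None or f.resolved_at > now]
    counts = {s: sum(f.severity == s for f in open_) for s in ("critical", "high")}
    resolved_7d = sum(1 for f in findings
                      if f.resolved_at is not None and week_ago < f.resolved_at <= now)
    past_sla = sum(1 for f in open_ if f.sla_due < now)
    # Assumed ranking: only findings with a fix, highest EPSS first.
    fixable = sorted((f for f in open_ if f.fixed_in),
                     key=lambda f: f.epss, reverse=True)[:top_n]
    rows = [f"{f.repo}: {f.package} {f.installed} → {f.fixed_in} "
            f"({f.severity}, EPSS {f.epss:.1%})" for f in fixable]
    subject = (f"[fremforge] Weekly security digest — "
               f"{counts['critical']} critical, {counts['high']} high open")
    return {"subject": subject, "counts": counts, "resolved_7d": resolved_7d,
            "past_sla": past_sla, "top_fixable": rows}

# Constructed sample data: two consecutive Monday compose times (UTC for simplicity).
MON1 = datetime(2024, 1, 8, 7, 0, tzinfo=timezone.utc)
MON2 = MON1 + timedelta(days=7)
SAMPLE = [
    Finding("acme/api", "lodash", "4.17.20", "4.17.21", "critical", 0.234,
            sla_due=MON1 + timedelta(days=3)),                 # stays open, breaches SLA
    Finding("acme/web", "postcss", "8.4.18", "8.4.31", "high", 0.121,
            sla_due=MON1 + timedelta(days=30),
            resolved_at=MON1 + timedelta(days=2)),             # fixed mid-week
    Finding("acme/web", "example-pkg", "1.0.0", None, "high", 0.5,
            sla_due=MON1 + timedelta(days=30)),                # open, but no fix to suggest
]

if __name__ == "__main__":
    for monday in (MON1, MON2):
        print(compose_digest(SAMPLE, monday))
```

The unfixed lodash finding shows up in both weeks' digests, while the postcss finding moves from the fix list to the resolved count.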
Privacy
The digest goes through Lettermint (NL, EU sub-processor) like every other transactional email on fremforge. No third-party trackers; the only link target is your own org dashboard.
See also
- OSV recommendations — the source of the “top fixable” rows.
- Severity SLAs — the source of the breach count.