- [ ] all app.config[] to have .env (hardcoded-credentials Embedding credentials in source code risks unauthorized access)
