[{"data":1,"prerenderedAt":564},["ShallowReactive",2],{"blog-getting-started/shipped-now-what":3},{"id":4,"title":5,"body":6,"category":540,"date":541,"dateModified":541,"description":542,"draft":543,"extension":544,"faq":545,"featured":543,"headerVariant":549,"image":550,"keywords":550,"meta":551,"navigation":552,"ogDescription":553,"ogTitle":550,"path":554,"readTime":555,"schemaOrg":556,"schemaType":557,"seo":558,"sitemap":559,"stem":560,"tags":561,"twitterCard":562,"__hash__":563},"blog/blog/getting-started/shipped-now-what.md","You Shipped an App. Now What?",{"type":7,"value":8,"toc":516},"minimark",[9,13,19,32,37,40,43,47,50,53,87,91,94,97,129,133,136,139,171,175,178,183,215,219,222,236,245,249,252,256,280,284,288,291,295,345,349,366,370,373,405,436,458,470,482,485,504],[10,11,12],"p",{},"You'll understand this in 8 minutes",[14,15,16],"tldr",{},[10,17,18],{},"Launching is just the beginning. In the first week, run a security scan and fix critical issues. Set up monitoring for unusual activity. Keep dependencies updated. Have an incident response plan ready. Security isn't a one-time task. It's ongoing maintenance like everything else.",[20,21,22,29],"definition-box",{},[10,23,24,28],{},[25,26,27],"strong",{},"CheckYourVibe defines post-launch security"," as the ongoing practices that protect your live application and its users after deployment. Launching marks the transition from building to protecting. Your app now has real users with real data, and it's exposed to the internet 24/7. Post-launch security ensures that the effort you put into building doesn't get undermined by neglecting maintenance.",[10,30,31],{},"CheckYourVibe data shows 60% of security incidents occur in apps that haven't been scanned in 30+ days.",[33,34,36],"h2",{"id":35},"congratulations-you-shipped","Congratulations, You Shipped!",[10,38,39],{},"Getting your app live is a major accomplishment. Most vibe-coded projects never make it this far. 
You've built something real that people can use.",[10,41,42],{},"But launching is a transition, not an ending. Your app now has real users with real data. It's exposed to the internet 24/7. Here's how to keep it secure going forward.",[33,44,46],{"id":45},"the-first-week-after-launch","The First Week After Launch",[10,48,49],{},"Urgent: First 24-48 Hours",[10,51,52],{},"These tasks should happen immediately after launch:",[54,55,56,63,69,75,81],"ul",{},[57,58,59,62],"li",{},[25,60,61],{},"Run a security scan"," on your production environment",[57,64,65,68],{},[25,66,67],{},"Fix any Critical issues"," found in the scan",[57,70,71,74],{},[25,72,73],{},"Verify HTTPS"," is working correctly",[57,76,77,80],{},[25,78,79],{},"Check that .env files"," aren't accessible via the web",[57,82,83,86],{},[25,84,85],{},"Confirm database security"," (RLS enabled if using Supabase/Firebase)",[54,88,89],{},[57,90],{},[10,92,93],{},"Important: First Week",[10,95,96],{},"Handle these within the first week:",[54,98,99,105,111,117,123],{},[57,100,101,104],{},[25,102,103],{},"Set up error monitoring"," (Sentry, LogRocket, or similar)",[57,106,107,110],{},[25,108,109],{},"Configure basic logging"," for security events",[57,112,113,116],{},[25,114,115],{},"Address High severity issues"," from your scan",[57,118,119,122],{},[25,120,121],{},"Review authentication flows"," with real user data",[57,124,125,128],{},[25,126,127],{},"Check API rate limiting"," is in place",[54,130,131],{},[57,132],{},[10,134,135],{},"Ongoing: Regular Maintenance",[10,137,138],{},"Continue these practices long-term:",[54,140,141,147,153,159,165],{},[57,142,143,146],{},[25,144,145],{},"Run security scans weekly"," or after significant changes",[57,148,149,152],{},[25,150,151],{},"Update dependencies"," at least monthly",[57,154,155,158],{},[25,156,157],{},"Review access logs"," for unusual patterns",[57,160,161,164],{},[25,162,163],{},"Rotate API keys"," periodically (every 90 
days)",[57,166,167,170],{},[25,168,169],{},"Back up user data"," regularly",[33,172,174],{"id":173},"what-to-monitor","What to Monitor",[10,176,177],{},"You don't need enterprise-level monitoring, but you should know when something's wrong. Watch for:",[179,180,182],"h3",{"id":181},"signs-of-potential-problems","Signs of Potential Problems",[54,184,185,191,197,203,209],{},[57,186,187,190],{},[25,188,189],{},"Spike in failed login attempts:"," Could indicate a brute force attack",[57,192,193,196],{},[25,194,195],{},"Unusual API usage patterns:"," Many requests from one IP, or requests at odd hours",[57,198,199,202],{},[25,200,201],{},"Error rate increases:"," Might indicate someone testing for vulnerabilities",[57,204,205,208],{},[25,206,207],{},"Unexpected database queries:"," Could suggest SQL injection attempts",[57,210,211,214],{},[25,212,213],{},"New admin accounts:"," If you didn't create them, investigate immediately",[179,216,218],{"id":217},"simple-monitoring-setup","Simple Monitoring Setup",[10,220,221],{},"At minimum, implement these basics:",[54,223,224,227,230,233],{},[57,225,226],{},"Log all authentication events (logins, failures, password resets)",[57,228,229],{},"Track API endpoint usage",[57,231,232],{},"Set up alerts for error spikes",[57,234,235],{},"Monitor your hosting costs (unusual spikes can indicate abuse)",[237,238,239],"tip-box",{},[10,240,241,244],{},[25,242,243],{},"Start simple:"," You don't need complex monitoring from day one. Start with basic logging and add more as you grow. The important thing is having some visibility into what's happening.",[33,246,248],{"id":247},"keeping-dependencies-updated","Keeping Dependencies Updated",[10,250,251],{},"Outdated dependencies are one of the easiest ways for attackers to compromise your app. When security vulnerabilities are discovered in packages you use, updates are released. 
If you don't update, you remain vulnerable.",[179,253,255],{"id":254},"update-process","Update Process",[257,258,259,267,274,277],"ol",{},[57,260,261,262,266],{},"Run ",[263,264,265],"code",{},"npm audit"," weekly to check for known vulnerabilities",[57,268,269,270,273],{},"Apply security patches (",[263,271,272],{},"npm audit fix",") promptly",[57,275,276],{},"Review major version updates before applying (they may have breaking changes)",[57,278,279],{},"Test after updating to ensure nothing broke",[281,282],"checklist-section",{"title":283},"Post-Launch Security Checklist",[33,285,287],{"id":286},"if-something-goes-wrong","If Something Goes Wrong",[10,289,290],{},"Even with good security practices, incidents can happen. Having a plan makes the difference between a minor issue and a major disaster.",[179,292,294],{"id":293},"incident-response-steps","Incident Response Steps",[257,296,297,303,309,315,321,327,333,339],{},[57,298,299,302],{},[25,300,301],{},"Stay calm."," Panicked decisions make things worse.",[57,304,305,308],{},[25,306,307],{},"Assess the scope."," What was accessed? How long was the exposure?",[57,310,311,314],{},[25,312,313],{},"Contain the damage."," Rotate compromised credentials, take systems offline if needed.",[57,316,317,320],{},[25,318,319],{},"Identify the cause."," How did the attacker get in?",[57,322,323,326],{},[25,324,325],{},"Fix the vulnerability."," Don't just clean up. 
Fix the root cause.",[57,328,329,332],{},[25,330,331],{},"Notify affected users."," If user data was exposed, they need to know.",[57,334,335,338],{},[25,336,337],{},"Document everything."," What happened, when, and what you did about it.",[57,340,341,344],{},[25,342,343],{},"Learn and improve."," What will you do differently to prevent this?",[179,346,348],{"id":347},"credentials-to-rotate-after-an-incident","Credentials to Rotate After an Incident",[54,350,351,354,357,360,363],{},[57,352,353],{},"All API keys (OpenAI, Stripe, AWS, etc.)",[57,355,356],{},"Database passwords",[57,358,359],{},"JWT secrets",[57,361,362],{},"Any other tokens or secrets in your .env file",[57,364,365],{},"User sessions (force everyone to log in again)",[33,367,369],{"id":368},"building-security-into-your-workflow","Building Security Into Your Workflow",[10,371,372],{},"Security works best when it's routine, not an afterthought. Build these practices into your development workflow:",[54,374,375,381,387,393,399],{},[57,376,377,380],{},[25,378,379],{},"Before deploying:"," Run a security scan",[57,382,383,386],{},[25,384,385],{},"When adding features:"," Ask security questions (who can access this? what could go wrong?)",[57,388,389,392],{},[25,390,391],{},"Weekly:"," Check for dependency updates",[57,394,395,398],{},[25,396,397],{},"Monthly:"," Review access logs and rotate credentials",[57,400,401,404],{},[25,402,403],{},"Quarterly:"," Do a more thorough security review",[406,407,408,415,421,427],"faq-section",{},[409,410,412],"faq-item",{"question":411},"How often should I run security scans after launching?",[10,413,414],{},"Run scans at least weekly for actively developed apps, or after every significant code change. Set up automated scans if possible. 
At minimum, scan monthly even for apps that aren't actively developed.",[409,416,418],{"question":417},"What should I monitor after my app launches?",[10,419,420],{},"Monitor for failed login attempts, unusual API usage patterns, error spikes, and unexpected database queries. Also watch for new vulnerabilities in your dependencies and keep them updated.",[409,422,424],{"question":423},"What do I do if my app gets compromised?",[10,425,426],{},"Stay calm and act quickly. Rotate all credentials, take the app offline if necessary, identify what was accessed, notify affected users, fix the vulnerability, and document what happened for future reference.",[409,428,430],{"question":429},"How often should I update dependencies?",[10,431,432,433,435],{},"Check for updates weekly with ",[263,434,265],{},". Apply security patches immediately. Review and apply non-security updates at least monthly. Always test after updating to catch breaking changes.",[437,438,440,444],"step",{"number":439},"1",[33,441,443],{"id":442},"where-to-go-next","Where to Go Next",[437,445,446],{"number":439},[437,447,448,451,455],{"number":439},[10,449,450],{},"For New Features",[179,452,454],{"id":453},"develop-a-security-mindset","Develop a Security Mindset",[10,456,457],{},"Build securely as you add new features to your live app.",[437,459,460,463,467],{"number":439},[10,461,462],{},"Be Prepared",[179,464,466],{"id":465},"incident-response-plan","Incident Response Plan",[10,468,469],{},"Know exactly what to do if something goes wrong.",[437,471,472,475,479],{"number":439},[10,473,474],{},"Reference",[179,476,478],{"id":477},"security-glossary","Security Glossary",[10,480,481],{},"Understand the terms in monitoring alerts and scan results.",[10,483,484],{},"",[486,487,488,494,499],"related-articles",{},[489,490],"related-card",{"description":491,"href":492,"title":493},"Think about security as you build","/blog/getting-started/security-mindset","Developing a Security 
Mindset",[489,495],{"description":496,"href":497,"title":498},"Fast improvements for your live app","/blog/getting-started/quick-wins","5-Minute Security Quick Wins",[489,500],{"description":501,"href":502,"title":503},"Scan your production app","/blog/getting-started/first-scan","Your First Security Scan",[505,506,509,513],"cta-box",{"href":507,"label":508},"/","Start Free Scan",[33,510,512],{"id":511},"scan-your-live-app","Scan Your Live App",[10,514,515],{},"Find security issues in your production environment.",{"title":517,"searchDepth":518,"depth":518,"links":519},"",2,[520,521,522,527,530,534,535,539],{"id":35,"depth":518,"text":36},{"id":45,"depth":518,"text":46},{"id":173,"depth":518,"text":174,"children":523},[524,526],{"id":181,"depth":525,"text":182},3,{"id":217,"depth":525,"text":218},{"id":247,"depth":518,"text":248,"children":528},[529],{"id":254,"depth":525,"text":255},{"id":286,"depth":518,"text":287,"children":531},[532,533],{"id":293,"depth":525,"text":294},{"id":347,"depth":525,"text":348},{"id":368,"depth":518,"text":369},{"id":442,"depth":518,"text":443,"children":536},[537,538],{"id":465,"depth":525,"text":466},{"id":477,"depth":525,"text":478},{"id":511,"depth":518,"text":512},"getting-started","2026-01-09","Your vibe-coded app is live. Here's what to do next to keep it secure: monitoring, maintenance, and responding to issues as they arise.",false,"md",[546,547,548],{"question":411,"answer":414},{"question":417,"answer":420},{"question":423,"answer":426},"green",null,{},true,"Your app is live. Here's how to keep it secure going forward.","/blog/getting-started/shipped-now-what","8 min read","[object Object]","BlogPosting",{"title":5,"description":542},{"loc":554},"blog/getting-started/shipped-now-what",[],"summary_large_image","UMFJJqQTpYf3ULy7NnlhbPh6rNlsukdL1n5DtMH_ijw",1775843921689]